Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report xax2K3BWhm.exe

Overview

General Information

Sample Name:xax2K3BWhm.exe
Analysis ID:435322
MD5:e3686e4e0ed04a1fd38bb5060cb2441e
SHA1:7a6e59e6c01135ab4ec685dc8c6bf7835429c916
SHA256:1d1dbabc1c905c7153847c6bb5b88905942d414c4dbf39e3784dc9a62e1120db
Tags:exe
Infos:

Most interesting Screenshot:

Detection

SmokeLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Benign windows process drops PE files
DLL reload attack detected
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected SmokeLoader
C2 URLs / IPs found in malware configuration
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Checks if the current machine is a virtual machine (disk enumeration)
Contains functionality to inject code into remote processes
Creates a thread in another existing process (thread injection)
Deletes itself after installation
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Performs DNS queries to domains with low reputation
Renames NTDLL to bypass HIPS
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
PE file does not import any functions
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • xax2K3BWhm.exe (PID: 6992 cmdline: 'C:\Users\user\Desktop\xax2K3BWhm.exe' MD5: E3686E4E0ED04A1FD38BB5060CB2441E)
    • xax2K3BWhm.exe (PID: 6136 cmdline: 'C:\Users\user\Desktop\xax2K3BWhm.exe' MD5: E3686E4E0ED04A1FD38BB5060CB2441E)
  • explorer.exe (PID: 3424 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  • ahafdus (PID: 6224 cmdline: C:\Users\user\AppData\Roaming\ahafdus MD5: E3686E4E0ED04A1FD38BB5060CB2441E)
    • ahafdus (PID: 4832 cmdline: C:\Users\user\AppData\Roaming\ahafdus MD5: E3686E4E0ED04A1FD38BB5060CB2441E)
  • cleanup

Malware Configuration

Threatname: SmokeLoader

{"C2 list": ["https://hewilldoit.xyz/zizi/", "https://hehasdoneit.xyz/zizi/"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000E.00000002.788412687.00000000004A0000.00000004.00000001.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
    00000004.00000002.715843467.0000000000580000.00000004.00000001.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
      00000004.00000002.715911224.0000000001F61000.00000004.00000001.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
        0000000E.00000002.788476185.0000000000521000.00000004.00000001.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          4.1.xax2K3BWhm.exe.400000.0.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
            14.1.ahafdus.400000.0.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
              4.2.xax2K3BWhm.exe.400000.0.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
                14.2.ahafdus.400000.0.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security

                  Sigma Overview

                  No Sigma rule has matched

                  Signature Overview

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection:

                  barindex
                  Found malware configurationShow sources
                  Source: 0000000E.00000002.788412687.00000000004A0000.00000004.00000001.sdmpMalware Configuration Extractor: SmokeLoader {"C2 list": ["https://hewilldoit.xyz/zizi/", "https://hehasdoneit.xyz/zizi/"]}
                  Multi AV Scanner detection for dropped fileShow sources
                  Source: C:\Users\user\AppData\Roaming\ahafdusReversingLabs: Detection: 44%
                  Multi AV Scanner detection for submitted fileShow sources
                  Source: xax2K3BWhm.exeReversingLabs: Detection: 44%
                  Machine Learning detection for dropped fileShow sources
                  Source: C:\Users\user\AppData\Roaming\ahafdusJoe Sandbox ML: detected
                  Machine Learning detection for sampleShow sources
                  Source: xax2K3BWhm.exeJoe Sandbox ML: detected
                  Source: xax2K3BWhm.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                  Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000006.00000000.683350760.0000000005A00000.00000002.00000001.sdmp
                  Source: Binary string: wntdll.pdbUGP source: xax2K3BWhm.exe, 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, ahafdus, 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, BCCB.tmp.4.dr
                  Source: Binary string: wntdll.pdb source: xax2K3BWhm.exe, ahafdus, BCCB.tmp.4.dr
                  Source: Binary string: C:\faxeka.pdb source: xax2K3BWhm.exe
                  Source: Binary string: O7C:\faxeka.pdb`KC@+C source: xax2K3BWhm.exe
                  Source: Binary string: wscui.pdb source: explorer.exe, 00000006.00000000.683350760.0000000005A00000.00000002.00000001.sdmp

                  Networking:

                  barindex
                  C2 URLs / IPs found in malware configurationShow sources
                  Source: Malware configuration extractorURLs: https://hewilldoit.xyz/zizi/
                  Source: Malware configuration extractorURLs: https://hehasdoneit.xyz/zizi/
                  Performs DNS queries to domains with low reputationShow sources
                  Source: C:\Windows\explorer.exeDNS query: hewilldoit.xyz
                  Source: Joe Sandbox ViewASN Name: HSAE HSAE
                  Source: unknownDNS traffic detected: queries for: hewilldoit.xyz
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
                  Source: explorer.exe, 00000006.00000000.670999978.0000000002B50000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                  Source: explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757

                  Key, Mouse, Clipboard, Microphone and Screen Capturing:

                  barindex
                  Yara detected SmokeLoaderShow sources
                  Source: Yara matchFile source: 0000000E.00000002.788412687.00000000004A0000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.715843467.0000000000580000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.715911224.0000000001F61000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000E.00000002.788476185.0000000000521000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 4.1.xax2K3BWhm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 14.1.ahafdus.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.xax2K3BWhm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 14.2.ahafdus.400000.0.unpack, type: UNPACKEDPE
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 0_2_03390110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,0_2_03390110
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_004017F6 Sleep,NtTerminateProcess,4_2_004017F6
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_00401801 Sleep,NtTerminateProcess,4_2_00401801
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_0040180F Sleep,NtTerminateProcess,4_2_0040180F
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_00401813 Sleep,NtTerminateProcess,4_2_00401813
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_00401820 Sleep,NtTerminateProcess,4_2_00401820
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_004017CF Sleep,NtTerminateProcess,4_2_004017CF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849780 ZwMapViewOfSection,LdrInitializeThunk,4_2_6D849780
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849600 ZwOpenKey,LdrInitializeThunk,4_2_6D849600
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849660 ZwAllocateVirtualMemory,LdrInitializeThunk,4_2_6D849660
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84967A NtQueryInformationProcess,LdrInitializeThunk,4_2_6D84967A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8499A0 ZwCreateSection,LdrInitializeThunk,4_2_6D8499A0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8498C0 ZwDuplicateObject,LdrInitializeThunk,4_2_6D8498C0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849820 ZwEnumerateKey,LdrInitializeThunk,4_2_6D849820
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849860 ZwQuerySystemInformation,LdrInitializeThunk,4_2_6D849860
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81DD80 RtlAcquireSRWLockShared,ZwQueryVirtualMemory,RtlImageNtHeaderEx,RtlImageNtHeaderEx,RtlImageNtHeaderEx,RtlRaiseStatus,RtlAddressInSectionTable,RtlImageDirectoryEntryToData,4_2_6D81DD80
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1582 ZwTraceEvent,4_2_6D8C1582
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D803591 ZwSetInformationFile,4_2_6D803591
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8065A0 RtlpGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwQueryLicenseValue,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetVersion,4_2_6D8065A0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849DA0 ZwAlpcSendWaitReceivePort,4_2_6D849DA0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8495B0 ZwSetInformationThread,4_2_6D8495B0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849DB0 ZwAlpcSetInformation,4_2_6D849DB0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D804DC0 RtlpUnWaitCriticalSection,RtlWakeAddressAllNoFence,RtlRaiseStatus,TpWaitForAlpcCompletion,RtlpUnWaitCriticalSection,ZwSetEvent,TpWaitForAlpcCompletion,ZwAlpcQueryInformation,4_2_6D804DC0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8495C0 ZwSetEvent,4_2_6D8495C0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82EDC4 ZwCancelWaitCompletionPacket,4_2_6D82EDC4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8045D0 RtlGetThreadWorkOnBehalfTicket,RtlGetThreadWorkOnBehalfTicket,ZwQueryInformationThread,4_2_6D8045D0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8495D0 ZwClose,4_2_6D8495D0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849DE0 ZwAssociateWaitCompletionPacket,4_2_6D849DE0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8095F0 TpSetPoolMinThreads,ZwSetInformationWorkerFactory,RtlGetCurrentServiceSessionId,TpSetPoolMinThreads,4_2_6D8095F0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8BBDFA RtlAcquireSRWLockExclusive,ZwAllocateVirtualMemory,RtlReleaseSRWLockExclusive,4_2_6D8BBDFA
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8495F0 ZwQueryInformationFile,4_2_6D8495F0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D891D0B ZwSetInformationProcess,4_2_6D891D0B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84AD10 ZwSetCachedSigningLevel,4_2_6D84AD10
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D831520 RtlInitializeCriticalSectionEx,RtlInitializeCriticalSectionEx,RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D831520
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849520 ZwWaitForSingleObject,4_2_6D849520
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8BFD22 ZwQueryInformationProcess,RtlUniform,4_2_6D8BFD22
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D834D3B memset,RtlRunOnceExecuteOnce,ZwTraceControl,memcmp,RtlNtStatusToDosError,RtlFreeHeap,RtlAllocateHeap,RtlNtStatusToDosError,RtlFreeHeap,4_2_6D834D3B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8D34 RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8D8D34
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D883540 LdrAppxHandleIntegrityFailure,RtlQueryPackageIdentityEx,memset,ZwQueryValueKey,RtlFreeHeap,ZwClose,memset,memset,RtlCaptureContext,RtlReportException,ZwTerminateProcess,4_2_6D883540
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D891D43 ZwQueryInformationThread,4_2_6D891D43
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D830548 RtlEnterCriticalSection,RtlLeaveCriticalSection,RtlRbInsertNodeEx,ZwQueryVirtualMemory,4_2_6D830548
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D891D6A ZwWaitForMultipleObjects,4_2_6D891D6A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C6D61 ZwAllocateVirtualMemoryEx,4_2_6D8C6D61
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849D70 ZwAlpcQueryInformation,4_2_6D849D70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D891570 ZwQuerySystemInformation,RtlInitUnicodeString,memset,ZwAlpcConnectPort,ZwAlpcSendWaitReceivePort,ZwClose,4_2_6D891570
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84A480 ZwInitializeNlsFiles,4_2_6D84A480
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 ZwAllocateVirtualMemory,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D883C93 wcschr,RtlInitUnicodeString,wcstoul,RtlAnsiStringToUnicodeString,RtlCompareUnicodeString,ZwProtectVirtualMemory,DbgPrintEx,RtlFreeUnicodeString,4_2_6D883C93
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D840CA1 ZwQuerySecurityAttributesToken,ZwQuerySecurityAttributesToken,ZwQuerySecurityAttributesToken,4_2_6D840CA1
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D4CAB ZwTraceControl,4_2_6D8D4CAB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D802CDB RtlFreeHeap,ZwClose,ZwSetEvent,4_2_6D802CDB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8CD6 RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8D8CD6
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80F4E3 RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwSetEvent,4_2_6D80F4E3
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D891CE4 ZwQueryInformationProcess,4_2_6D891CE4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8B64FB ZwOpenKey,ZwQueryValueKey,RtlEqualUnicodeString,RtlEqualUnicodeString,RtlEqualUnicodeString,ZwClose,4_2_6D8B64FB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C14FB memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8C14FB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D840413 ZwUnmapViewOfSection,4_2_6D840413
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8C14 RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8D8C14
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1411 ZwTraceEvent,4_2_6D8C1411
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84A420 ZwGetNlsSectionPtr,4_2_6D84A420
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82FC39 ZwAssociateWaitCompletionPacket,4_2_6D82FC39
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D891C49 ZwQueryInformationProcess,4_2_6D891C49
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849C40 ZwAllocateVirtualMemoryEx,4_2_6D849C40
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D805450 RtlClearThreadWorkOnBehalfTicket,memcmp,RtlClearThreadWorkOnBehalfTicket,ZwSetInformationThread,4_2_6D805450
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89C450 RtlReleasePrivilege,ZwAdjustPrivilegesToken,ZwSetInformationThread,ZwClose,RtlFreeHeap,ZwClose,RtlFreeHeap,4_2_6D89C450
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8B3C60 RtlFlushSecureMemoryCache,ZwQueryVirtualMemory,4_2_6D8B3C60
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82746D RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,4_2_6D82746D
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849C70 ZwAlpcConnectPort,4_2_6D849C70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D845C70 TpSetPoolMaxThreadsSoftLimit,ZwSetInformationWorkerFactory,4_2_6D845C70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83AC7B ZwFreeVirtualMemory,RtlFillMemoryUlong,RtlFlushSecureMemoryCache,ZwFreeVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,DbgPrint,DbgPrint,DbgPrint,4_2_6D83AC7B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8C75 RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8D8C75
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D891C76 ZwQueryInformationProcess,4_2_6D891C76
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8B5F87 ZwUnmapViewOfSection,4_2_6D8B5F87
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D843FA0 RtlGetLocaleFileMappingAddress,ZwInitializeNlsFiles,RtlGetLocaleFileMappingAddress,ZwUnmapViewOfSection,4_2_6D843FA0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D88A7AC ZwCompareSigningLevels,ZwCompareSigningLevels,4_2_6D88A7AC
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8497A0 ZwUnmapViewOfSection,4_2_6D8497A0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80A7B0 RtlImpersonateSelfEx,ZwOpenProcessTokenEx,ZwDuplicateToken,ZwSetInformationThread,ZwClose,ZwClose,RtlImpersonateSelfEx,4_2_6D80A7B0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80F7C0 EtwNotificationUnregister,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwClose,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,EtwNotificationUnregister,4_2_6D80F7C0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8497C0 ZwTerminateProcess,4_2_6D8497C0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84AFD0 ZwShutdownWorkerFactory,4_2_6D84AFD0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89E7D3 ZwOpenThreadTokenEx,ZwOpenThreadTokenEx,4_2_6D89E7D3
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83DFDF RtlWakeAddressAllNoFence,ZwAlertThreadByThreadId,RtlWakeAddressAllNoFence,4_2_6D83DFDF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D890FEC ZwDuplicateObject,ZwDuplicateObject,4_2_6D890FEC
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8337EB RtlImageNtHeader,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,ZwCreateIoCompletion,ZwCreateWorkerFactory,RtlAcquireSRWLockExclusive,RtlGetCurrentServiceSessionId,ZwSetInformationWorkerFactory,4_2_6D8337EB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8497F0 ZwOpenThreadTokenEx,4_2_6D8497F0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D810FFD RtlInitUnicodeString,ZwQueryValueKey,4_2_6D810FFD
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849710 ZwQueryInformationToken,4_2_6D849710
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83E730 RtlDecodePointer,ZwQueryInformationProcess,RtlRaiseStatus,RtlAllocateAndInitializeSid,RtlAllocateHeap,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,4_2_6D83E730
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849730 ZwQueryVirtualMemory,4_2_6D849730
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8BCF30 ZwAlertThreadByThreadId,4_2_6D8BCF30
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849740 ZwOpenThreadToken,4_2_6D849740
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83174B ZwFreeVirtualMemory,RtlFlushSecureMemoryCache,ZwFreeVirtualMemory,4_2_6D83174B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D840F48 ZwOpenKey,ZwClose,ZwClose,ZwCreateKey,RtlInitUnicodeStringEx,ZwSetValueKey,RtlInitUnicodeStringEx,ZwSetValueKey,ZwClose,4_2_6D840F48
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D88A746 ZwGetCachedSigningLevel,ZwCompareSigningLevels,ZwSetCachedSigningLevel,4_2_6D88A746
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849750 ZwQueryInformationThread,4_2_6D849750
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84AF60 ZwSetTimer2,4_2_6D84AF60
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89176C ZwOpenEvent,ZwWaitForSingleObject,ZwClose,4_2_6D89176C
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8F6A RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8D8F6A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849F70 ZwCreateIoCompletion,4_2_6D849F70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849770 ZwSetInformationFile,4_2_6D849770
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8BCF70 RtlpGetUserOrMachineUILanguage4NLS,RtlInitUnicodeString,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,ZwClose,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,ZwClose,ZwClose,4_2_6D8BCF70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D803E80 RtlSetThreadSubProcessTag,RtlGetCurrentServiceSessionId,RtlSetThreadSubProcessTag,RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D803E80
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8BBE9B RtlAcquireSRWLockExclusive,ZwAllocateVirtualMemory,RtlReleaseSRWLockExclusive,4_2_6D8BBE9B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84A690 ZwOpenKeyEx,4_2_6D84A690
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83DE9E RtlAcquireSRWLockExclusive,RtlAcquireSRWLockExclusive,RtlGetCurrentServiceSessionId,ZwUnsubscribeWnfStateChange,RtlReleaseSRWLockExclusive,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlFreeHeap,4_2_6D83DE9E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D802E9F ZwCreateEvent,ZwClose,4_2_6D802E9F
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849EA0 ZwCompareSigningLevels,4_2_6D849EA0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D892EA3 RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D892EA3
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D3EBC ZwTraceControl,RtlNtStatusToDosError,RtlSetLastWin32Error,4_2_6D8D3EBC
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8496C0 ZwSetInformationProcess,4_2_6D8496C0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D839ED0 RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlAcquireSRWLockExclusive,RtlAcquireSRWLockShared,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,ZwWaitForAlertByThreadId,4_2_6D839ED0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8496D0 ZwCreateKey,4_2_6D8496D0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8066D4 RtlInitUnicodeString,ZwQueryValueKey,4_2_6D8066D4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D88A6DE ZwRaiseHardError,4_2_6D88A6DE
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D802ED8 ZwWaitForAlertByThreadId,ZwWaitForAlertByThreadId,4_2_6D802ED8
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8ED6 RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8D8ED6
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8496E0 ZwFreeVirtualMemory,4_2_6D8496E0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80B6F0 EtwEventWriteNoRegistration,ZwTraceEvent,RtlNtStatusToDosError,4_2_6D80B6F0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8916FA ZwQueryWnfStateNameInformation,ZwUpdateWnfStateData,EtwEventWriteNoRegistration,4_2_6D8916FA
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D85DEF0 RtlRaiseException,RtlCaptureContext,ZwRaiseException,RtlRaiseStatus,4_2_6D85DEF0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82E6F9 ZwAlpcSetInformation,4_2_6D82E6F9
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80C600 LdrQueryImageFileKeyOption,RtlInitUnicodeStringEx,ZwQueryValueKey,LdrQueryImageFileKeyOption,RtlFreeHeap,RtlAllocateHeap,ZwQueryValueKey,RtlFreeHeap,RtlUnicodeStringToInteger,memcpy,4_2_6D80C600
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D842E1C RtlInitializeCriticalSectionEx,ZwDelayExecution,4_2_6D842E1C
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D892E14 RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D892E14
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849E20 ZwCancelTimer2,4_2_6D849E20
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D3E22 ZwTraceControl,RtlNtStatusToDosError,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,4_2_6D8D3E22
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80B630 ZwWaitForKeyedEvent,4_2_6D80B630
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8BFE3F memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8BFE3F
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849E30 ZwCancelWaitCompletionPacket,4_2_6D849E30
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84B640 RtlUnhandledExceptionFilter,ZwTerminateProcess,4_2_6D84B640
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84B650 RtlUnhandledExceptionFilter,ZwTerminateProcess,4_2_6D84B650
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849650 ZwQueryValueKey,4_2_6D849650
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83BE62 ZwProtectVirtualMemory,RtlGetCurrentTransaction,RtlGetCurrentTransaction,4_2_6D83BE62
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84AE70 ZwSetInformationWorkerFactory,4_2_6D84AE70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849670 ZwQueryInformationProcess,4_2_6D849670
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82C182 RtlGetCurrentServiceSessionId,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwWaitForAlertByThreadId,RtlAcquireSRWLockExclusive,4_2_6D82C182
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84B180 ZwWaitForAlertByThreadId,4_2_6D84B180
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849980 ZwCreateEvent,4_2_6D849980
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8CA189 RtlAcquireSRWLockExclusive,ZwGetNlsSectionPtr,RtlAllocateHeap,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,4_2_6D8CA189
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849990 ZwQueryVolumeInformationFile,4_2_6D849990
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80519E RtlEqualUnicodeString,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,4_2_6D80519E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84B1A0 ZwWaitForKeyedEvent,4_2_6D84B1A0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C49A4 ZwAllocateVirtualMemory,RtlCompareMemory,memcpy,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,4_2_6D8C49A4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84A9B0 ZwQueryLicenseValue,4_2_6D84A9B0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8319B8 RtlEnterCriticalSection,RtlLeaveCriticalSection,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwWaitForSingleObject,RtlQueryInformationActiveActivationContext,RtlQueryInformationActivationContext,4_2_6D8319B8
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8919C8 ZwCreateSection,ZwMapViewOfSection,memset,ZwUnmapViewOfSection,ZwClose,4_2_6D8919C8
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D89E7 RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8D89E7
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D809100 TpReleasePool,RtlAcquireSRWLockExclusive,ZwShutdownWorkerFactory,RtlGetCurrentServiceSessionId,TpReleasePool,TpReleasePool,RtlDebugPrintTimes,TpReleasePool,4_2_6D809100
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D810100 LdrUnloadAlternateResourceModuleEx,RtlAcquireSRWLockExclusive,ZwUnmapViewOfSection,ZwClose,LdrUnloadAlternateResourceModuleEx,RtlFreeHeap,RtlFreeHeap,RtlReAllocateHeap,4_2_6D810100
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849900 ZwOpenEvent,4_2_6D849900
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849910 ZwAdjustPrivilegesToken,4_2_6D849910
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D824120 RtlAllocateHeap,memmove,memmove,RtlPrefixUnicodeString,RtlAllocateHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlFreeHeap,4_2_6D824120
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849920 ZwDuplicateToken,4_2_6D849920
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89193B ZwRaiseException,ZwTerminateProcess,4_2_6D89193B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84A130 ZwCreateWaitCompletionPacket,4_2_6D84A130
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8DF13B ZwOpenKey,ZwCreateKey,4_2_6D8DF13B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82B944 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,RtlGetCurrentServiceSessionId,ZwSetTimer2,RtlGetCurrentServiceSessionId,ZwCancelTimer2,4_2_6D82B944
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84B150 ZwUnsubscribeWnfStateChange,4_2_6D84B150
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80395E RtlAcquireSRWLockShared,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlReleaseSRWLockExclusive,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwGetCompleteWnfStateSubscription,RtlFreeHeap,4_2_6D80395E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84B160 ZwUpdateWnfStateData,4_2_6D84B160
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84A160 ZwCreateWorkerFactory,4_2_6D84A160
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8966 RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8D8966
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80B171 ZwQueryDebugFilterState,_alloca_probe_16,memcpy,_vsnprintf,ZwWow64DebuggerCall,RtlRaiseException,4_2_6D80B171
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D883971 ZwOpenKeyEx,4_2_6D883971
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D891976 ZwCreateEvent,4_2_6D891976
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D803880 TpSetWaitEx,RtlAllocateHeap,ZwGetCompleteWnfStateSubscription,RtlFreeHeap,TpSetWaitEx,4_2_6D803880
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D883884 ZwQueryValueKey,RtlAllocateHeap,ZwQueryValueKey,RtlFreeHeap,4_2_6D883884
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84108B ZwClose,4_2_6D84108B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82E090 RtlWow64EnableFsRedirectionEx,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwSetEvent,4_2_6D82E090
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84A890 ZwQueryDebugFilterState,4_2_6D84A890
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849890 ZwFsControlFile,4_2_6D849890
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8B60A2 ZwQueryInformationFile,4_2_6D8B60A2
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82F0AE ZwSetInformationWorkerFactory,4_2_6D82F0AE
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84B0B0 ZwTraceControl,4_2_6D84B0B0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8318B9 ZwCreateTimer2,ZwCreateWaitCompletionPacket,ZwAssociateWaitCompletionPacket,ZwClose,4_2_6D8318B9
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83F0BF ZwOpenFile,RtlFreeHeap,ZwQueryVolumeInformationFile,RtlAllocateHeap,memcpy,ZwClose,ZwClose,RtlFreeHeap,4_2_6D83F0BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8070C0 ZwClose,RtlFreeHeap,RtlFreeHeap,4_2_6D8070C0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8400C2 ZwAlertThreadByThreadId,4_2_6D8400C2
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8410D7 ZwOpenKey,ZwCreateKey,4_2_6D8410D7
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84A0D0 ZwCreateTimer2,4_2_6D84A0D0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8498D0 ZwQueryAttributesFile,4_2_6D8498D0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89B8D0 RtlAcquirePrivilege,RtlAllocateHeap,ZwSetInformationThread,RtlImpersonateSelfEx,ZwOpenProcessTokenEx,ZwAdjustPrivilegesToken,RtlAllocateHeap,ZwAdjustPrivilegesToken,RtlFreeHeap,RtlFreeHeap,ZwClose,ZwSetInformationThread,ZwClose,RtlFreeHeap,4_2_6D89B8D0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80B8F0 TpSetPoolStackInformation,ZwSetInformationWorkerFactory,4_2_6D80B8F0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8180FC RtlEqualUnicodeString,ZwMapViewOfSection,ZwUnmapViewOfSection,LdrQueryImageFileKeyOption,RtlAcquirePrivilege,RtlReleasePrivilege,4_2_6D8180FC
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8040FD RtlImageNtHeaderEx,DbgPrintEx,memset,RtlDebugPrintTimes,DbgPrintEx,wcsstr,DbgPrintEx,DbgPrintEx,wcschr,DbgPrintEx,ZwSetInformationProcess,4_2_6D8040FD
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849800 ZwOpenProcessTokenEx,4_2_6D849800
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8DF019 RtlInitUnicodeString,RtlInitUnicodeString,ZwQueryValueKey,RtlAllocateHeap,ZwQueryValueKey,RtlInitUnicodeString,ZwClose,RtlFreeHeap,4_2_6D8DF019
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80F018 RtlAllocateHeap,ZwQueryValueKey,memcpy,RtlFreeHeap,4_2_6D80F018
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D834020 RtlGetVersion,RtlGetSuiteMask,RtlGetNtProductType,RtlInitUnicodeString,ZwQueryLicenseValue,RtlGetSuiteMask,RtlGetVersion,4_2_6D834020
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849830 ZwOpenFile,4_2_6D849830
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849840 ZwDelayExecution,4_2_6D849840
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D805050 RtlSetCurrentDirectory_U,RtlAllocateHeap,RtlFreeHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlSetCurrentDirectory_U,RtlFreeHeap,RtlFreeHeap,4_2_6D805050
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8858 ZwAlertThreadByThreadId,4_2_6D8D8858
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81106F ZwOpenKey,ZwClose,4_2_6D81106F
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D891879 ZwAllocateVirtualMemory,memset,RtlInitializeSid,4_2_6D891879
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C138A memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8C138A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D802B93 TpSetDefaultPoolMaxThreads,ZwDuplicateToken,4_2_6D802B93
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84A390 ZwGetCachedSigningLevel,4_2_6D84A390
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83939F RtlInitializeCriticalSectionEx,ZwDelayExecution,4_2_6D83939F
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84A3A0 ZwGetCompleteWnfStateSubscription,4_2_6D84A3A0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1BA8 RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8C1BA8
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D834BAD RtlAcquireSRWLockExclusive,memset,ZwTraceControl,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,RtlFreeHeap,RtlAllocateHeap,RtlNtStatusToDosError,RtlFreeHeap,4_2_6D834BAD
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D9BBE RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8D9BBE
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8BB6 RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8D8BB6
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D802BC2 ZwOpenThreadToken,ZwSetInformationThread,ZwClose,4_2_6D802BC2
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849BF0 ZwAlertThreadByThreadId,4_2_6D849BF0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8023F6 ZwClose,RtlFreeHeap,4_2_6D8023F6
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D804B00 TpCallbackMayRunLong,TpCallbackMayRunLong,ZwSetInformationWorkerFactory,4_2_6D804B00
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849B00 ZwSetValueKey,4_2_6D849B00
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D835306 ZwReleaseKeyedEvent,4_2_6D835306
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C131B RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8C131B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D809335 ZwClose,ZwClose,4_2_6D809335
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D833B48 ZwClose,ZwClose,4_2_6D833B48
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8B58 RtlGetCurrentServiceSessionId,ZwTraceEvent,4_2_6D8D8B58
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8B6369 RtlInitUnicodeString,ZwOpenFile,ZwCreateSection,ZwMapViewOfSection,ZwClose,ZwClose,4_2_6D8B6369
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84AB60 ZwReleaseKeyedEvent,4_2_6D84AB60
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D816B6B ZwQueryAttributesFile,RtlDeleteBoundaryDescriptor,4_2_6D816B6B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D887365 RtlRunOnceExecuteOnce,ZwQuerySystemInformation,RtlCaptureContext,memset,RtlReportException,4_2_6D887365
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D833B7A RtlAllocateHeap,ZwQuerySystemInformationEx,memset,RtlFreeHeap,4_2_6D833B7A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D898372 ZwClose,RtlStringFromGUIDEx,ZwCreateKey,RtlFreeUnicodeString,4_2_6D898372
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D802B7E ZwSetInformationThread,ZwClose,4_2_6D802B7E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D822280 RtlAcquireSRWLockExclusive,RtlDllShutdownInProgress,ZwWaitForAlertByThreadId,RtlAcquireSRWLockExclusive,ZwTerminateProcess,4_2_6D822280
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84B280 ZwWow64DebuggerCall,4_2_6D84B280
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84AA90 ZwQuerySystemInformationEx,4_2_6D84AA90
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83D294 ZwQueryAttributesFile,RtlFreeHeap,ZwClose,RtlFreeHeap,4_2_6D83D294
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80429E RtlInitUnicodeString,ZwClose,LdrQueryImageFileKeyOption,4_2_6D80429E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D801AA0 RtlAllocateHandle,RtlReAllocateHeap,ZwAllocateVirtualMemory,ZwAllocateVirtualMemory,RtlAllocateHeap,4_2_6D801AA0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D835AA0 TpSetPoolMaxThreads,ZwSetInformationWorkerFactory,RtlGetCurrentServiceSessionId,TpSetPoolMaxThreads,4_2_6D835AA0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8052A5 RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwFsControlFile,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,ZwClose,RtlFreeHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,4_2_6D8052A5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849AB0 ZwWaitForMultipleObjects,4_2_6D849AB0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83E2BB ZwWaitForAlertByThreadId,4_2_6D83E2BB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84AAC0 ZwQueryWnfStateNameInformation,4_2_6D84AAC0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82FAD0 RtlAcquireSRWLockShared,RtlDllShutdownInProgress,ZwWaitForAlertByThreadId,RtlAcquireSRWLockShared,ZwTerminateProcess,4_2_6D82FAD0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D891AD6 ZwFreeVirtualMemory,4_2_6D891AD6
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849AE0 ZwTraceEvent,4_2_6D849AE0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84AAE0 ZwRaiseException,4_2_6D84AAE0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84AAF0 ZwRaiseHardError,4_2_6D84AAF0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849A00 ZwProtectVirtualMemory,4_2_6D849A00
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D805210 RtlGetCurrentDirectory_U,memcpy,RtlGetCurrentDirectory_U,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,4_2_6D805210
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8214 RtlAcquireSRWLockExclusive,ZwSetInformationWorkerFactory,RtlReleaseSRWLockExclusive,4_2_6D8D8214
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D804A20 RtlGetCurrentServiceSessionId,RtlFreeHeap,ZwClose,RtlReleaseActivationContext,LdrUnloadDll,4_2_6D804A20
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84AA20 ZwQuerySecurityAttributesToken,4_2_6D84AA20
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A229 ZwAllocateVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwQueryVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlFillMemoryUlong,DbgPrint,DbgPrint,DbgPrint,4_2_6D82A229
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83B230 EtwEventWrite,ZwTraceEvent,RtlNtStatusToDosError,EtwEventWrite,4_2_6D83B230
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D808239 RtlInitUnicodeStringEx,ZwQueryValueKey,RtlInitUnicodeStringEx,RtlPrefixUnicodeString,ZwEnumerateKey,ZwOpenKey,RtlInitUnicodeStringEx,ZwQueryValueKey,RtlFreeHeap,ZwClose,RtlAllocateHeap,RtlCompareUnicodeString,ZwClose,RtlFreeHeap,ZwClose,4_2_6D808239
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D809240 ZwClose,ZwClose,RtlFreeHeap,RtlFreeHeap,RtlFreeHeap,RtlAcquireSRWLockExclusive,RtlFreeHeap,4_2_6D809240
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D891242 ZwUnmapViewOfSection,ZwClose,ZwClose,ZwClose,ZwClose,ZwClose,4_2_6D891242
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_004017F6 Sleep,NtTerminateProcess,14_2_004017F6
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_00401801 Sleep,NtTerminateProcess,14_2_00401801
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_0040180F Sleep,NtTerminateProcess,14_2_0040180F
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_00401813 Sleep,NtTerminateProcess,14_2_00401813
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_00401820 Sleep,NtTerminateProcess,14_2_00401820
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_004017CF Sleep,NtTerminateProcess,14_2_004017CF
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539780 ZwMapViewOfSection,LdrInitializeThunk,14_2_6F539780
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53967A NtQueryInformationProcess,LdrInitializeThunk,14_2_6F53967A
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539660 ZwAllocateVirtualMemory,LdrInitializeThunk,14_2_6F539660
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539600 ZwOpenKey,LdrInitializeThunk,14_2_6F539600
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5399A0 ZwCreateSection,LdrInitializeThunk,14_2_6F5399A0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539860 ZwQuerySystemInformation,LdrInitializeThunk,14_2_6F539860
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539820 ZwEnumerateKey,LdrInitializeThunk,14_2_6F539820
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5398C0 ZwDuplicateObject,LdrInitializeThunk,14_2_6F5398C0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539750 ZwQueryInformationThread,14_2_6F539750
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539740 ZwOpenThreadToken,14_2_6F539740
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52174B ZwFreeVirtualMemory,RtlFlushSecureMemoryCache,ZwFreeVirtualMemory,14_2_6F52174B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F530F48 ZwOpenKey,ZwClose,ZwClose,ZwCreateKey,RtlInitUnicodeStringEx,ZwSetValueKey,RtlInitUnicodeStringEx,ZwSetValueKey,ZwClose,14_2_6F530F48
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539F70 ZwCreateIoCompletion,14_2_6F539F70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539770 ZwSetInformationFile,14_2_6F539770
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5ACF70 RtlpGetUserOrMachineUILanguage4NLS,RtlInitUnicodeString,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,ZwClose,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,ZwClose,ZwClose,14_2_6F5ACF70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F6F60 RtlGetPersistedStateLocation,ZwOpenKey,memcpy,RtlGetPersistedStateLocation,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,RtlAllocateHeap,ZwQueryValueKey,RtlExpandEnvironmentStrings,memcpy,ZwClose,ZwClose,RtlFreeHeap,14_2_6F4F6F60
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53AF60 ZwSetTimer2,14_2_6F53AF60
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F58176C ZwOpenEvent,ZwWaitForSingleObject,ZwClose,14_2_6F58176C
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8F6A RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C8F6A
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539710 ZwQueryInformationToken,14_2_6F539710
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F586715 memset,memcpy,ZwTraceEvent,14_2_6F586715
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F529702 RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwReleaseWorkerFactoryWorker,14_2_6F529702
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52E730 RtlDecodePointer,ZwQueryInformationProcess,RtlRaiseStatus,RtlAllocateAndInitializeSid,RtlAllocateHeap,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,14_2_6F52E730
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539730 ZwQueryVirtualMemory,14_2_6F539730
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5ACF30 ZwAlertThreadByThreadId,14_2_6F5ACF30
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53AFD0 ZwShutdownWorkerFactory,14_2_6F53AFD0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52DFDF RtlWakeAddressAllNoFence,ZwAlertThreadByThreadId,RtlWakeAddressAllNoFence,14_2_6F52DFDF
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FF7C0 EtwNotificationUnregister,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwClose,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,EtwNotificationUnregister,14_2_6F4FF7C0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5397C0 ZwTerminateProcess,14_2_6F5397C0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F500FFD RtlInitUnicodeString,ZwQueryValueKey,14_2_6F500FFD
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F580FEC ZwDuplicateObject,ZwDuplicateObject,14_2_6F580FEC
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5237EB RtlImageNtHeader,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,ZwCreateIoCompletion,ZwCreateWorkerFactory,RtlAcquireSRWLockExclusive,RtlGetCurrentServiceSessionId,ZwSetInformationWorkerFactory,14_2_6F5237EB
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5A5F87 ZwUnmapViewOfSection,14_2_6F5A5F87
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5397A0 ZwUnmapViewOfSection,14_2_6F5397A0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F533FA0 RtlGetLocaleFileMappingAddress,ZwInitializeNlsFiles,RtlGetLocaleFileMappingAddress,ZwUnmapViewOfSection,14_2_6F533FA0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2FB0 RtlDestroyHeap,RtlDeleteCriticalSection,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlDestroyHeap,DbgPrint,DbgPrint,DbgPrint,RtlDebugPrintTimes,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwTraceEvent,RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F4F2FB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53B650 RtlUnhandledExceptionFilter,ZwTerminateProcess,14_2_6F53B650
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539650 ZwQueryValueKey,14_2_6F539650
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F586652 ZwClose,RtlAllocateHeap,memcpy,ZwUnmapViewOfSection,14_2_6F586652
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53B640 RtlUnhandledExceptionFilter,ZwTerminateProcess,14_2_6F53B640
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53AE70 ZwSetInformationWorkerFactory,14_2_6F53AE70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539670 ZwQueryInformationProcess,14_2_6F539670
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52BE62 ZwProtectVirtualMemory,RtlGetCurrentTransaction,RtlGetCurrentTransaction,14_2_6F52BE62
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F582E14 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F582E14
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FC600 LdrQueryImageFileKeyOption,RtlInitUnicodeStringEx,ZwQueryValueKey,LdrQueryImageFileKeyOption,RtlFreeHeap,RtlAllocateHeap,ZwQueryValueKey,RtlFreeHeap,RtlUnicodeStringToInteger,memcpy,14_2_6F4FC600
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539E30 ZwCancelWaitCompletionPacket,14_2_6F539E30
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5AFE3F memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5AFE3F
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539E20 ZwCancelTimer2,14_2_6F539E20
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C3E22 ZwTraceControl,RtlNtStatusToDosError,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,14_2_6F5C3E22
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FB630 ZwWaitForKeyedEvent,14_2_6F4FB630
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F529ED0 RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlAcquireSRWLockExclusive,RtlAcquireSRWLockShared,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,ZwWaitForAlertByThreadId,14_2_6F529ED0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5396D0 ZwCreateKey,14_2_6F5396D0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8ED6 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C8ED6
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5396C0 ZwSetInformationProcess,14_2_6F5396C0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2ED8 ZwWaitForAlertByThreadId,ZwWaitForAlertByThreadId,14_2_6F4F2ED8
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F66D4 RtlInitUnicodeString,ZwQueryValueKey,14_2_6F4F66D4
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5816FA ZwQueryWnfStateNameInformation,ZwUpdateWnfStateData,EtwEventWriteNoRegistration,14_2_6F5816FA
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F54DEF0 RtlRaiseException,RtlCaptureContext,ZwRaiseException,RtlRaiseStatus,14_2_6F54DEF0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51E6F9 ZwAlpcSetInformation,14_2_6F51E6F9
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5396E0 ZwFreeVirtualMemory,14_2_6F5396E0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FB6F0 EtwEventWriteNoRegistration,ZwTraceEvent,RtlNtStatusToDosError,14_2_6F4FB6F0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5ABE9B RtlAcquireSRWLockExclusive,ZwAllocateVirtualMemory,RtlReleaseSRWLockExclusive,14_2_6F5ABE9B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52DE9E RtlAcquireSRWLockExclusive,RtlAcquireSRWLockExclusive,RtlGetCurrentServiceSessionId,ZwUnsubscribeWnfStateChange,RtlReleaseSRWLockExclusive,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlFreeHeap,14_2_6F52DE9E
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F3E80 RtlSetThreadSubProcessTag,RtlGetCurrentServiceSessionId,RtlSetThreadSubProcessTag,RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F4F3E80
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2E9F ZwCreateEvent,ZwClose,14_2_6F4F2E9F
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C3EBC ZwTraceControl,RtlNtStatusToDosError,RtlSetLastWin32Error,14_2_6F5C3EBC
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51E6B0 RtlSetThreadWorkOnBehalfTicket,memcmp,ZwSetInformationThread,RtlSetThreadWorkOnBehalfTicket,14_2_6F51E6B0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F582EA3 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F582EA3
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C1D55 ZwFreeVirtualMemory,RtlWakeAddressAllNoFence,14_2_6F5C1D55
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F581D43 ZwQueryInformationThread,14_2_6F581D43
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539D70 ZwAlpcQueryInformation,14_2_6F539D70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F581570 ZwQuerySystemInformation,RtlInitUnicodeString,memset,ZwAlpcConnectPort,ZwAlpcSendWaitReceivePort,ZwClose,14_2_6F581570
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F581D6A ZwWaitForMultipleObjects,14_2_6F581D6A
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B6D61 ZwAllocateVirtualMemoryEx,14_2_6F5B6D61
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F581D0B ZwSetInformationProcess,14_2_6F581D0B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8D34 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C8D34
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F524D3B memset,RtlRunOnceExecuteOnce,ZwTraceControl,memcmp,RtlNtStatusToDosError,RtlFreeHeap,RtlAllocateHeap,RtlNtStatusToDosError,RtlFreeHeap,14_2_6F524D3B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F521520 RtlInitializeCriticalSectionEx,RtlInitializeCriticalSectionEx,RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F521520
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539520 ZwWaitForSingleObject,14_2_6F539520
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5AFD22 ZwQueryInformationProcess,RtlUniform,14_2_6F5AFD22
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5395D0 ZwClose,14_2_6F5395D0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5AFDD3 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5AFDD3
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F4DC0 RtlpUnWaitCriticalSection,RtlWakeAddressAllNoFence,RtlRaiseStatus,TpWaitForAlpcCompletion,RtlpUnWaitCriticalSection,ZwSetEvent,TpWaitForAlpcCompletion,ZwAlpcQueryInformation,14_2_6F4F4DC0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5395C0 ZwSetEvent,14_2_6F5395C0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51EDC4 ZwCancelWaitCompletionPacket,14_2_6F51EDC4
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F45D0 RtlGetThreadWorkOnBehalfTicket,RtlGetThreadWorkOnBehalfTicket,ZwQueryInformationThread,14_2_6F4F45D0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5ABDFA RtlAcquireSRWLockExclusive,ZwAllocateVirtualMemory,RtlReleaseSRWLockExclusive,14_2_6F5ABDFA
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5395F0 ZwQueryInformationFile,14_2_6F5395F0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539DE0 ZwAssociateWaitCompletionPacket,14_2_6F539DE0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F95F0 TpSetPoolMinThreads,ZwSetInformationWorkerFactory,RtlGetCurrentServiceSessionId,TpSetPoolMinThreads,14_2_6F4F95F0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F50DD80 RtlAcquireSRWLockShared,ZwQueryVirtualMemory,RtlImageNtHeaderEx,RtlImageNtHeaderEx,RtlImageNtHeaderEx,RtlRaiseStatus,RtlAddressInSectionTable,RtlImageDirectoryEntryToData,14_2_6F50DD80
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B1582 ZwTraceEvent,14_2_6F5B1582
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5BB581 RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5BB581
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F3591 ZwSetInformationFile,14_2_6F4F3591
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5395B0 ZwSetInformationThread,14_2_6F5395B0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539DB0 ZwAlpcSetInformation,14_2_6F539DB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F65A0 RtlpGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwQueryLicenseValue,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetVersion,14_2_6F4F65A0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539DA0 ZwAlpcSendWaitReceivePort,14_2_6F539DA0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F581C49 ZwQueryInformationProcess,14_2_6F581C49
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539C40 ZwAllocateVirtualMemoryEx,14_2_6F539C40
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F5450 RtlClearThreadWorkOnBehalfTicket,memcmp,RtlClearThreadWorkOnBehalfTicket,ZwSetInformationThread,14_2_6F4F5450
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539C70 ZwAlpcConnectPort,14_2_6F539C70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F535C70 TpSetPoolMaxThreadsSoftLimit,ZwSetInformationWorkerFactory,14_2_6F535C70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52AC7B ZwFreeVirtualMemory,RtlFillMemoryUlong,RtlFlushSecureMemoryCache,ZwFreeVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,DbgPrint,DbgPrint,DbgPrint,14_2_6F52AC7B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8C75 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C8C75
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F581C76 ZwQueryInformationProcess,14_2_6F581C76
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5A3C60 RtlFlushSecureMemoryCache,ZwQueryVirtualMemory,14_2_6F5A3C60
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51746D RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,14_2_6F51746D
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F530413 ZwUnmapViewOfSection,14_2_6F530413
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8C14 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C8C14
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B1411 ZwTraceEvent,14_2_6F5B1411
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51FC39 ZwAssociateWaitCompletionPacket,14_2_6F51FC39
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53A420 ZwGetNlsSectionPtr,14_2_6F53A420
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8CD6 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C8CD6
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2CDB RtlFreeHeap,ZwClose,ZwSetEvent,14_2_6F4F2CDB
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B14FB memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5B14FB
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5A64FB ZwOpenKey,ZwQueryValueKey,RtlEqualUnicodeString,RtlEqualUnicodeString,RtlEqualUnicodeString,ZwClose,14_2_6F5A64FB
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FF4E3 RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwSetEvent,14_2_6F4FF4E3
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F581CE4 ZwQueryInformationProcess,14_2_6F581CE4
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F573C93 wcschr,RtlInitUnicodeString,wcstoul,RtlAnsiStringToUnicodeString,RtlCompareUnicodeString,ZwProtectVirtualMemory,DbgPrintEx,RtlFreeUnicodeString,14_2_6F573C93
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B4496 ZwAllocateVirtualMemory,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,14_2_6F5B4496
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53A480 ZwInitializeNlsFiles,14_2_6F53A480
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C9CB3 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C9CB3
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C4CAB ZwTraceControl,14_2_6F5C4CAB
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8B58 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C8B58
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F523B48 ZwClose,ZwClose,14_2_6F523B48
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53AB70 ZwReleaseWorkerFactoryWorker,14_2_6F53AB70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F523B7A RtlAllocateHeap,ZwQuerySystemInformationEx,memset,RtlFreeHeap,14_2_6F523B7A
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F588372 ZwClose,RtlStringFromGUIDEx,ZwCreateKey,RtlFreeUnicodeString,14_2_6F588372
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2B7E ZwSetInformationThread,ZwClose,14_2_6F4F2B7E
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53AB60 ZwReleaseKeyedEvent,14_2_6F53AB60
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5A6369 RtlInitUnicodeString,ZwOpenFile,ZwCreateSection,ZwMapViewOfSection,ZwClose,ZwClose,14_2_6F5A6369
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F586365 RtlAllocateHeap,ZwQueryVirtualMemory,memcpy,wcsrchr,RtlFreeHeap,RtlAllocateHeap,memcpy,14_2_6F586365
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B131B RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5B131B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F4B00 TpCallbackMayRunLong,TpCallbackMayRunLong,ZwSetInformationWorkerFactory,14_2_6F4F4B00
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539B00 ZwSetValueKey,14_2_6F539B00
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F525306 ZwReleaseKeyedEvent,14_2_6F525306
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F9335 ZwClose,ZwClose,14_2_6F4F9335
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2BC2 ZwOpenThreadToken,ZwSetInformationThread,ZwClose,14_2_6F4F2BC2
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539BF0 ZwAlertThreadByThreadId,14_2_6F539BF0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F50A3E0 RtlFormatCurrentUserKeyPath,ZwQueryInformationToken,RtlLengthSidAsUnicodeString,RtlAppendUnicodeToString,RtlConvertSidToUnicodeString,RtlFreeUnicodeString,14_2_6F50A3E0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F23F6 ZwClose,RtlFreeHeap,14_2_6F4F23F6
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52939F RtlInitializeCriticalSectionEx,ZwDelayExecution,14_2_6F52939F
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B138A memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5B138A
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2B93 TpSetDefaultPoolMaxThreads,ZwDuplicateToken,14_2_6F4F2B93
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C9BBE RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C9BBE
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8BB6 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C8BB6
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53A3A0 ZwGetCompleteWnfStateSubscription,14_2_6F53A3A0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B1BA8 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5B1BA8
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F524BAD RtlAcquireSRWLockExclusive,memset,ZwTraceControl,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,RtlFreeHeap,RtlAllocateHeap,RtlNtStatusToDosError,RtlFreeHeap,14_2_6F524BAD
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F9240 ZwClose,ZwClose,RtlFreeHeap,RtlFreeHeap,RtlFreeHeap,RtlAcquireSRWLockExclusive,RtlFreeHeap,14_2_6F4F9240
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F581242 ZwUnmapViewOfSection,ZwClose,ZwClose,ZwClose,ZwClose,ZwClose,14_2_6F581242
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8A62 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C8A62
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8214 RtlAcquireSRWLockExclusive,ZwSetInformationWorkerFactory,RtlReleaseSRWLockExclusive,14_2_6F5C8214
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539A00 ZwProtectVirtualMemory,14_2_6F539A00
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F5210 RtlGetCurrentDirectory_U,memcpy,RtlGetCurrentDirectory_U,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,14_2_6F4F5210
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52B230 EtwEventWrite,ZwTraceEvent,RtlNtStatusToDosError,EtwEventWrite,14_2_6F52B230
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F4A20 RtlGetCurrentServiceSessionId,RtlFreeHeap,ZwClose,RtlReleaseActivationContext,LdrUnloadDll,14_2_6F4F4A20
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F8239 RtlInitUnicodeStringEx,ZwQueryValueKey,RtlInitUnicodeStringEx,RtlPrefixUnicodeString,ZwEnumerateKey,ZwOpenKey,RtlInitUnicodeStringEx,ZwQueryValueKey,RtlFreeHeap,ZwClose,RtlAllocateHeap,RtlCompareUnicodeString,ZwClose,RtlFreeHeap,ZwClose,14_2_6F4F8239
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51A229 ZwAllocateVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwQueryVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlFillMemoryUlong,DbgPrint,DbgPrint,DbgPrint,14_2_6F51A229
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51FAD0 RtlAcquireSRWLockShared,RtlDllShutdownInProgress,ZwWaitForAlertByThreadId,RtlAcquireSRWLockShared,ZwTerminateProcess,14_2_6F51FAD0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8ADD RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C8ADD
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F581AD6 ZwFreeVirtualMemory,14_2_6F581AD6
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53AAC0 ZwQueryWnfStateNameInformation,14_2_6F53AAC0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539AE0 ZwTraceEvent,14_2_6F539AE0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53AAE0 ZwRaiseException,14_2_6F53AAE0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53AA90 ZwQuerySystemInformationEx,14_2_6F53AA90
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52D294 ZwQueryAttributesFile,RtlFreeHeap,ZwClose,RtlFreeHeap,14_2_6F52D294
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F512280 RtlAcquireSRWLockExclusive,RtlDllShutdownInProgress,ZwWaitForAlertByThreadId,RtlAcquireSRWLockExclusive,ZwTerminateProcess,14_2_6F512280
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F429E RtlInitUnicodeString,ZwClose,LdrQueryImageFileKeyOption,14_2_6F4F429E
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53B280 ZwWow64DebuggerCall,14_2_6F53B280
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539AB0 ZwWaitForMultipleObjects,14_2_6F539AB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52E2BB ZwWaitForAlertByThreadId,14_2_6F52E2BB
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F52A5 RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwFsControlFile,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,ZwClose,RtlFreeHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,14_2_6F4F52A5
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F1AA0 RtlAllocateHandle,RtlReAllocateHeap,ZwAllocateVirtualMemory,ZwAllocateVirtualMemory,RtlAllocateHeap,14_2_6F4F1AA0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F525AA0 TpSetPoolMaxThreads,ZwSetInformationWorkerFactory,RtlGetCurrentServiceSessionId,TpSetPoolMaxThreads,14_2_6F525AA0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53B150 ZwUnsubscribeWnfStateChange,14_2_6F53B150
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F395E RtlAcquireSRWLockShared,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlReleaseSRWLockExclusive,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwGetCompleteWnfStateSubscription,RtlFreeHeap,14_2_6F4F395E
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51B944 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,RtlGetCurrentServiceSessionId,ZwSetTimer2,RtlGetCurrentServiceSessionId,ZwCancelTimer2,14_2_6F51B944
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FF150 RtlOpenCurrentUser,RtlFormatCurrentUserKeyPath,ZwOpenKey,RtlFreeUnicodeString,RtlOpenCurrentUser,RtlInitUnicodeString,ZwOpenKey,14_2_6F4FF150
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F581976 ZwCreateEvent,14_2_6F581976
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53B160 ZwUpdateWnfStateData,14_2_6F53B160
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53A160 ZwCreateWorkerFactory,14_2_6F53A160
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8966 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C8966
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FB171 ZwQueryDebugFilterState,_alloca_probe_16,memcpy,_vsnprintf,ZwWow64DebuggerCall,RtlRaiseException,14_2_6F4FB171
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F9100 TpReleasePool,RtlAcquireSRWLockExclusive,ZwShutdownWorkerFactory,RtlGetCurrentServiceSessionId,TpReleasePool,TpReleasePool,RtlDebugPrintTimes,TpReleasePool,14_2_6F4F9100
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F500100 LdrUnloadAlternateResourceModuleEx,RtlAcquireSRWLockExclusive,ZwUnmapViewOfSection,ZwClose,LdrUnloadAlternateResourceModuleEx,RtlFreeHeap,RtlFreeHeap,RtlReAllocateHeap,14_2_6F500100
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539900 ZwOpenEvent,14_2_6F539900
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F58193B ZwRaiseException,ZwTerminateProcess,14_2_6F58193B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53A130 ZwCreateWaitCompletionPacket,14_2_6F53A130
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5CF13B ZwOpenKey,ZwCreateKey,14_2_6F5CF13B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F514120 RtlAllocateHeap,memmove,memmove,RtlPrefixUnicodeString,RtlAllocateHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlFreeHeap,14_2_6F514120
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539920 ZwDuplicateToken,14_2_6F539920
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5819C8 ZwCreateSection,ZwMapViewOfSection,memset,ZwUnmapViewOfSection,ZwClose,14_2_6F5819C8
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C89E7 RtlGetCurrentServiceSessionId,ZwTraceEvent,14_2_6F5C89E7
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539990 ZwQueryVolumeInformationFile,14_2_6F539990
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F519E RtlEqualUnicodeString,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,14_2_6F4F519E
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5BA189 RtlAcquireSRWLockExclusive,ZwGetNlsSectionPtr,RtlAllocateHeap,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,14_2_6F5BA189
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51C182 RtlGetCurrentServiceSessionId,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwWaitForAlertByThreadId,RtlAcquireSRWLockExclusive,14_2_6F51C182
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539980 ZwCreateEvent,14_2_6F539980
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53B180 ZwWaitForAlertByThreadId,14_2_6F53B180
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5A6186 ZwQueryValueKey,memmove,RtlInitUnicodeString,14_2_6F5A6186
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53A9B0 ZwQueryLicenseValue,14_2_6F53A9B0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5751BE ZwQuerySystemInformation,ZwQuerySystemInformationEx,RtlAllocateHeap,ZwQuerySystemInformationEx,RtlFindCharInUnicodeString,RtlEnterCriticalSection,memcpy,14_2_6F5751BE
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53B1A0 ZwWaitForKeyedEvent,14_2_6F53B1A0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B49A4 ZwAllocateVirtualMemory,RtlCompareMemory,memcpy,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,14_2_6F5B49A4
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8858 ZwAlertThreadByThreadId,14_2_6F5C8858
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539840 ZwDelayExecution,14_2_6F539840
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F5050 RtlSetCurrentDirectory_U,RtlAllocateHeap,RtlFreeHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlSetCurrentDirectory_U,RtlFreeHeap,RtlFreeHeap,14_2_6F4F5050
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F581879 ZwAllocateVirtualMemory,memset,RtlInitializeSid,14_2_6F581879
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F50106F ZwOpenKey,ZwClose,14_2_6F50106F
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5CF019 RtlInitUnicodeString,RtlInitUnicodeString,ZwQueryValueKey,RtlAllocateHeap,ZwQueryValueKey,RtlInitUnicodeString,ZwClose,RtlFreeHeap,14_2_6F5CF019
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FF018 RtlAllocateHeap,ZwQueryValueKey,memcpy,RtlFreeHeap,14_2_6F4FF018
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539830 ZwOpenFile,14_2_6F539830
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F524020 RtlGetVersion,RtlGetSuiteMask,RtlGetNtProductType,RtlInitUnicodeString,ZwQueryLicenseValue,RtlGetSuiteMask,RtlGetVersion,14_2_6F524020
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53A0D0 ZwCreateTimer2,14_2_6F53A0D0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5398D0 ZwQueryAttributesFile,14_2_6F5398D0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5310D7 ZwOpenKey,ZwCreateKey,14_2_6F5310D7
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F70C0 ZwClose,RtlFreeHeap,RtlFreeHeap,14_2_6F4F70C0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5300C2 ZwAlertThreadByThreadId,14_2_6F5300C2
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F40FD RtlImageNtHeaderEx,DbgPrintEx,memset,RtlDebugPrintTimes,DbgPrintEx,wcsstr,DbgPrintEx,DbgPrintEx,wcschr,DbgPrintEx,ZwSetInformationProcess,14_2_6F4F40FD
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5A60E9 ZwOpenKey,ZwClose,ZwClose,14_2_6F5A60E9
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FB8F0 TpSetPoolStackInformation,ZwSetInformationWorkerFactory,14_2_6F4FB8F0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51E090 RtlWow64EnableFsRedirectionEx,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwSetEvent,14_2_6F51E090
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53A890 ZwQueryDebugFilterState,14_2_6F53A890
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F539890 ZwFsControlFile,14_2_6F539890
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F3880 TpSetWaitEx,RtlAllocateHeap,ZwGetCompleteWnfStateSubscription,RtlFreeHeap,TpSetWaitEx,14_2_6F4F3880
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52A080 RtlDeleteCriticalSection,RtlAcquireSRWLockExclusive,RtlDeleteCriticalSection,RtlDeleteCriticalSection,ZwClose,RtlDeleteCriticalSection,14_2_6F52A080
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53108B ZwClose,14_2_6F53108B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F53B0B0 ZwTraceControl,14_2_6F53B0B0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5218B9 ZwCreateTimer2,ZwCreateWaitCompletionPacket,ZwAssociateWaitCompletionPacket,ZwClose,14_2_6F5218B9
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52F0BF ZwOpenFile,RtlFreeHeap,ZwQueryVolumeInformationFile,RtlAllocateHeap,memcpy,ZwClose,ZwClose,RtlFreeHeap,14_2_6F52F0BF
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5A60A2 ZwQueryInformationFile,14_2_6F5A60A2
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51F0AE ZwSetInformationWorkerFactory,14_2_6F51F0AE
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_004024A84_2_004024A8
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8335D04_2_6D8335D0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D800D204_2_6D800D20
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C44964_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C67E24_2_6D8C67E2
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D832F704_2_6D832F70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D826E304_2_6D826E30
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8299BF4_2_6D8299BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8241204_2_6D824120
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81B0904_2_6D81B090
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C10024_2_6D8C1002
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A8304_2_6D82A830
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8388404_2_6D838840
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8AEB8A4_2_6D8AEB8A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83EBB04_2_6D83EBB0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83ABD84_2_6D83ABD8
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8B23E34_2_6D8B23E3
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D858BE84_2_6D858BE8
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A3094_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82AB404_2_6D82AB40
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D32A94_2_6D8D32A9
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8CE2C54_2_6D8CE2C5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8BFA2B4_2_6D8BFA2B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_004024A814_2_004024A8
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F522F7014_2_6F522F70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B67E214_2_6F5B67E2
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F516E3014_2_6F516E30
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C2EF714_2_6F5C2EF7
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C1D5514_2_6F5C1D55
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F0D2014_2_6F4F0D20
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5235D014_2_6F5235D0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B449614_2_6F5B4496
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51AB4014_2_6F51AB40
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51A30914_2_6F51A309
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52ABD814_2_6F52ABD8
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5A23E314_2_6F5A23E3
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F548BE814_2_6F548BE8
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F59EB8A14_2_6F59EB8A
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52EBB014_2_6F52EBB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5AFA2B14_2_6F5AFA2B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5BE2C514_2_6F5BE2C5
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B4AEF14_2_6F5B4AEF
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C32A914_2_6F5C32A9
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51412014_2_6F514120
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5199BF14_2_6F5199BF
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52884014_2_6F528840
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F680014_2_6F4F6800
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B100214_2_6F5B1002
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51A83014_2_6F51A830
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F50B09014_2_6F50B090
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: String function: 6D85D08C appears 32 times
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: String function: 6D895720 appears 41 times
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: String function: 6D80B150 appears 122 times
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: String function: 6F585720 appears 41 times
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: String function: 6F4FB150 appears 128 times
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: String function: 6F54D08C appears 38 times
                  Source: BCCB.tmp.4.drStatic PE information: No import functions for PE file found
                  Source: BCCB.tmp.14.drStatic PE information: No import functions for PE file found
                  Source: xax2K3BWhm.exe, 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs xax2K3BWhm.exe
                  Source: C:\Windows\explorer.exeSection loaded: taskschd.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: webio.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\explorer.exeSection loaded: winnsi.dllJump to behavior
                  Source: xax2K3BWhm.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                  Source: BCCB.tmp.4.drBinary string: \Device\IPT
                  Source: classification engineClassification label: mal100.troj.evad.winEXE@6/4@1/2
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\ahafdusJump to behavior
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeFile created: C:\Users\user\AppData\Local\Temp\BCCB.tmpJump to behavior
                  Source: xax2K3BWhm.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: xax2K3BWhm.exeReversingLabs: Detection: 44%
                  Source: unknownProcess created: C:\Users\user\Desktop\xax2K3BWhm.exe 'C:\Users\user\Desktop\xax2K3BWhm.exe'
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeProcess created: C:\Users\user\Desktop\xax2K3BWhm.exe 'C:\Users\user\Desktop\xax2K3BWhm.exe'
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\ahafdus C:\Users\user\AppData\Roaming\ahafdus
                  Source: C:\Users\user\AppData\Roaming\ahafdusProcess created: C:\Users\user\AppData\Roaming\ahafdus C:\Users\user\AppData\Roaming\ahafdus
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeProcess created: C:\Users\user\Desktop\xax2K3BWhm.exe 'C:\Users\user\Desktop\xax2K3BWhm.exe' Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusProcess created: C:\Users\user\AppData\Roaming\ahafdus C:\Users\user\AppData\Roaming\ahafdusJump to behavior
                  Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
                  Source: xax2K3BWhm.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: xax2K3BWhm.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: xax2K3BWhm.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: xax2K3BWhm.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: xax2K3BWhm.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: xax2K3BWhm.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: xax2K3BWhm.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000006.00000000.683350760.0000000005A00000.00000002.00000001.sdmp
                  Source: Binary string: wntdll.pdbUGP source: xax2K3BWhm.exe, 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, ahafdus, 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, BCCB.tmp.4.dr
                  Source: Binary string: wntdll.pdb source: xax2K3BWhm.exe, ahafdus, BCCB.tmp.4.dr
                  Source: Binary string: C:\faxeka.pdb source: xax2K3BWhm.exe
                  Source: Binary string: O7C:\faxeka.pdb`KC@+C source: xax2K3BWhm.exe
                  Source: Binary string: wscui.pdb source: explorer.exe, 00000006.00000000.683350760.0000000005A00000.00000002.00000001.sdmp
                  Source: xax2K3BWhm.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: xax2K3BWhm.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: xax2K3BWhm.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: xax2K3BWhm.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: xax2K3BWhm.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                  Data Obfuscation:

                  barindex
                  Detected unpacking (changes PE section rights)Show sources
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeUnpacked PE file: 4.2.xax2K3BWhm.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:EW;
                  Source: C:\Users\user\AppData\Roaming\ahafdusUnpacked PE file: 14.2.ahafdus.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:EW;
                  Source: BCCB.tmp.4.drStatic PE information: 0xC8733C73 [Sun Jul 26 13:21:55 2076 UTC]
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 0_2_0040A020 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_0040A020
                  Source: BCCB.tmp.4.drStatic PE information: section name: RT
                  Source: BCCB.tmp.4.drStatic PE information: section name: .mrdata
                  Source: BCCB.tmp.4.drStatic PE information: section name: .00cfg
                  Source: BCCB.tmp.14.drStatic PE information: section name: RT
                  Source: BCCB.tmp.14.drStatic PE information: section name: .mrdata
                  Source: BCCB.tmp.14.drStatic PE information: section name: .00cfg
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_00402E04 push 04EC83E1h; mov dword ptr [esp], 00000030h4_2_00402E23
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_004024A8 push FFFFFF99h; retf F1D6h4_2_004027A5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D85D0D1 push ecx; ret 4_2_6D85D0E4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_1_00402E04 push 04EC83E1h; mov dword ptr [esp], 00000030h4_1_00402E23
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_00402E04 push 04EC83E1h; mov dword ptr [esp], 00000030h14_2_00402E23
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_004024A8 push FFFFFF99h; retf F1D6h14_2_004027A5
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F54D0D1 push ecx; ret 14_2_6F54D0E4
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_1_00402E04 push 04EC83E1h; mov dword ptr [esp], 00000030h14_1_00402E23
                  Source: initial sampleStatic PE information: section name: .text entropy: 6.88203005979
                  Source: initial sampleStatic PE information: section name: .text entropy: 6.85305507137
                  Source: initial sampleStatic PE information: section name: .text entropy: 6.88203005979
                  Source: initial sampleStatic PE information: section name: .text entropy: 6.85305507137
                  Source: C:\Users\user\AppData\Roaming\ahafdusFile created: C:\Users\user\AppData\Local\Temp\BCCB.tmpJump to dropped file
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\ahafdusJump to dropped file
                  Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\ahafdusJump to dropped file

                  Hooking and other Techniques for Hiding and Protection:

                  barindex
                  DLL reload attack detectedShow sources
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeModule Loaded: Original DLL: C:\USERS\user\APPDATA\LOCAL\TEMP\BCCB.TMP reload: C:\WINDOWS\SYSWOW64\NTDLL.DLL
                  Source: C:\Users\user\AppData\Roaming\ahafdusModule Loaded: Original DLL: C:\USERS\user\APPDATA\LOCAL\TEMP\BCCB.TMP reload: C:\WINDOWS\SYSWOW64\NTDLL.DLL
                  Deletes itself after installationShow sources
                  Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\xax2k3bwhm.exeJump to behavior
                  Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
                  Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\ahafdus:Zone.Identifier read attributes | deleteJump to behavior

                  Malware Analysis System Evasion:

                  barindex
                  Checks if the current machine is a virtual machine (disk enumeration)Show sources
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                  Renames NTDLL to bypass HIPSShow sources
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeFile opened: C:\Windows\SysWOW64\ntdll.dllJump to behavior
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeFile opened: C:\Windows\SysWOW64\ntdll.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusFile opened: C:\Windows\SysWOW64\ntdll.dllJump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusFile opened: C:\Windows\SysWOW64\ntdll.dllJump to behavior
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                  Source: ahafdus, 0000000E.00000002.788446105.00000000004DB000.00000004.00000020.sdmpBinary or memory string: ASWHOOK
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D836B90 rdtsc 4_2_6D836B90
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 676Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 368Jump to behavior
                  Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 412Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 6500Thread sleep count: 676 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 768Thread sleep count: 347 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 768Thread sleep time: -34700s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 6508Thread sleep count: 368 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 6508Thread sleep time: -36800s >= -30000sJump to behavior
                  Source: C:\Windows\explorer.exe TID: 5684Thread sleep count: 412 > 30Jump to behavior
                  Source: C:\Windows\explorer.exe TID: 5696Thread sleep count: 241 > 30Jump to behavior
                  Source: explorer.exe, 00000006.00000000.683071003.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                  Source: explorer.exe, 00000006.00000000.687406902.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: explorer.exe, 00000006.00000000.683895687.0000000006650000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: explorer.exe, 00000006.00000000.687406902.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: explorer.exe, 00000006.00000000.687556430.000000000A716000.00000004.00000001.sdmpBinary or memory string: War&Prod_VMware_SATAa
                  Source: explorer.exe, 00000006.00000000.709055237.0000000004710000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
                  Source: explorer.exe, 00000006.00000000.683071003.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                  Source: explorer.exe, 00000006.00000000.687556430.000000000A716000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
                  Source: explorer.exe, 00000006.00000000.683071003.00000000058C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                  Source: explorer.exe, 00000006.00000000.687556430.000000000A716000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
                  Source: explorer.exe, 00000006.00000000.692687947.000000000FD29000.00000004.00000001.sdmpBinary or memory string: f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                  Source: explorer.exe, 00000006.00000000.683071003.00000000058C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeSystem information queried: ModuleInformationJump to behavior
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeProcess information queried: ProcessInformationJump to behavior

                  Anti Debugging:

                  barindex
                  Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))Show sources
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeSystem information queried: CodeIntegrityInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusSystem information queried: CodeIntegrityInformationJump to behavior
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusProcess queried: DebugPortJump to behavior
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D836B90 rdtsc 4_2_6D836B90
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D849780 ZwMapViewOfSection,LdrInitializeThunk,4_2_6D849780
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 0_2_00406C70 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00406C70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 0_2_0040A020 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_0040A020
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 0_2_03390042 push dword ptr fs:[00000030h]0_2_03390042
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D803591 mov eax, dword ptr fs:[00000030h]4_2_6D803591
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8335A1 mov eax, dword ptr fs:[00000030h]4_2_6D8335A1
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D831DB5 mov eax, dword ptr fs:[00000030h]4_2_6D831DB5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D831DB5 mov eax, dword ptr fs:[00000030h]4_2_6D831DB5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D831DB5 mov eax, dword ptr fs:[00000030h]4_2_6D831DB5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8015C1 mov eax, dword ptr fs:[00000030h]4_2_6D8015C1
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8095F0 mov eax, dword ptr fs:[00000030h]4_2_6D8095F0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8095F0 mov ecx, dword ptr fs:[00000030h]4_2_6D8095F0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8B8DF1 mov eax, dword ptr fs:[00000030h]4_2_6D8B8DF1
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80F51D mov eax, dword ptr fs:[00000030h]4_2_6D80F51D
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D831520 mov eax, dword ptr fs:[00000030h]4_2_6D831520
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D831520 mov eax, dword ptr fs:[00000030h]4_2_6D831520
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D831520 mov eax, dword ptr fs:[00000030h]4_2_6D831520
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D831520 mov eax, dword ptr fs:[00000030h]4_2_6D831520
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D831520 mov eax, dword ptr fs:[00000030h]4_2_6D831520
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80AD30 mov eax, dword ptr fs:[00000030h]4_2_6D80AD30
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D834D3B mov eax, dword ptr fs:[00000030h]4_2_6D834D3B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D834D3B mov eax, dword ptr fs:[00000030h]4_2_6D834D3B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D834D3B mov eax, dword ptr fs:[00000030h]4_2_6D834D3B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8D34 mov eax, dword ptr fs:[00000030h]4_2_6D8D8D34
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D843D43 mov eax, dword ptr fs:[00000030h]4_2_6D843D43
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D883540 mov eax, dword ptr fs:[00000030h]4_2_6D883540
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8B3D40 mov eax, dword ptr fs:[00000030h]4_2_6D8B3D40
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80354C mov eax, dword ptr fs:[00000030h]4_2_6D80354C
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80354C mov eax, dword ptr fs:[00000030h]4_2_6D80354C
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D827D50 mov eax, dword ptr fs:[00000030h]4_2_6D827D50
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82C577 mov eax, dword ptr fs:[00000030h]4_2_6D82C577
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82C577 mov eax, dword ptr fs:[00000030h]4_2_6D82C577
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D801480 mov eax, dword ptr fs:[00000030h]4_2_6D801480
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 mov eax, dword ptr fs:[00000030h]4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 mov eax, dword ptr fs:[00000030h]4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 mov eax, dword ptr fs:[00000030h]4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 mov eax, dword ptr fs:[00000030h]4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 mov eax, dword ptr fs:[00000030h]4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 mov eax, dword ptr fs:[00000030h]4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 mov eax, dword ptr fs:[00000030h]4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 mov eax, dword ptr fs:[00000030h]4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 mov eax, dword ptr fs:[00000030h]4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 mov eax, dword ptr fs:[00000030h]4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 mov eax, dword ptr fs:[00000030h]4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 mov eax, dword ptr fs:[00000030h]4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4496 mov eax, dword ptr fs:[00000030h]4_2_6D8C4496
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80649B mov eax, dword ptr fs:[00000030h]4_2_6D80649B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80649B mov eax, dword ptr fs:[00000030h]4_2_6D80649B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D804CB0 mov eax, dword ptr fs:[00000030h]4_2_6D804CB0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D802CDB mov eax, dword ptr fs:[00000030h]4_2_6D802CDB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8CD6 mov eax, dword ptr fs:[00000030h]4_2_6D8D8CD6
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C14FB mov eax, dword ptr fs:[00000030h]4_2_6D8C14FB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D740D mov eax, dword ptr fs:[00000030h]4_2_6D8D740D
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D740D mov eax, dword ptr fs:[00000030h]4_2_6D8D740D
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D740D mov eax, dword ptr fs:[00000030h]4_2_6D8D740D
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81FC01 mov eax, dword ptr fs:[00000030h]4_2_6D81FC01
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81FC01 mov eax, dword ptr fs:[00000030h]4_2_6D81FC01
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81FC01 mov eax, dword ptr fs:[00000030h]4_2_6D81FC01
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81FC01 mov eax, dword ptr fs:[00000030h]4_2_6D81FC01
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1C06 mov eax, dword ptr fs:[00000030h]4_2_6D8C1C06
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8C14 mov eax, dword ptr fs:[00000030h]4_2_6D8D8C14
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83BC2C mov eax, dword ptr fs:[00000030h]4_2_6D83BC2C
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D804439 mov eax, dword ptr fs:[00000030h]4_2_6D804439
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89C450 mov eax, dword ptr fs:[00000030h]4_2_6D89C450
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89C450 mov eax, dword ptr fs:[00000030h]4_2_6D89C450
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82746D mov eax, dword ptr fs:[00000030h]4_2_6D82746D
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D845C70 mov eax, dword ptr fs:[00000030h]4_2_6D845C70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81FC77 mov eax, dword ptr fs:[00000030h]4_2_6D81FC77
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81FC77 mov eax, dword ptr fs:[00000030h]4_2_6D81FC77
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81FC77 mov eax, dword ptr fs:[00000030h]4_2_6D81FC77
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81FC77 mov eax, dword ptr fs:[00000030h]4_2_6D81FC77
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83AC7B mov eax, dword ptr fs:[00000030h]4_2_6D83AC7B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83AC7B mov eax, dword ptr fs:[00000030h]4_2_6D83AC7B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83AC7B mov eax, dword ptr fs:[00000030h]4_2_6D83AC7B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83AC7B mov eax, dword ptr fs:[00000030h]4_2_6D83AC7B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83AC7B mov eax, dword ptr fs:[00000030h]4_2_6D83AC7B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83AC7B mov eax, dword ptr fs:[00000030h]4_2_6D83AC7B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83AC7B mov eax, dword ptr fs:[00000030h]4_2_6D83AC7B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83AC7B mov eax, dword ptr fs:[00000030h]4_2_6D83AC7B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83AC7B mov eax, dword ptr fs:[00000030h]4_2_6D83AC7B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83AC7B mov eax, dword ptr fs:[00000030h]4_2_6D83AC7B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83AC7B mov eax, dword ptr fs:[00000030h]4_2_6D83AC7B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8C75 mov eax, dword ptr fs:[00000030h]4_2_6D8D8C75
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D803FC5 mov eax, dword ptr fs:[00000030h]4_2_6D803FC5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D803FC5 mov eax, dword ptr fs:[00000030h]4_2_6D803FC5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D803FC5 mov eax, dword ptr fs:[00000030h]4_2_6D803FC5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8337EB mov eax, dword ptr fs:[00000030h]4_2_6D8337EB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8337EB mov eax, dword ptr fs:[00000030h]4_2_6D8337EB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8337EB mov eax, dword ptr fs:[00000030h]4_2_6D8337EB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8337EB mov eax, dword ptr fs:[00000030h]4_2_6D8337EB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8337EB mov eax, dword ptr fs:[00000030h]4_2_6D8337EB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8337EB mov eax, dword ptr fs:[00000030h]4_2_6D8337EB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8337EB mov eax, dword ptr fs:[00000030h]4_2_6D8337EB
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8437F5 mov eax, dword ptr fs:[00000030h]4_2_6D8437F5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D834710 mov eax, dword ptr fs:[00000030h]4_2_6D834710
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82F716 mov eax, dword ptr fs:[00000030h]4_2_6D82F716
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89FF10 mov eax, dword ptr fs:[00000030h]4_2_6D89FF10
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89FF10 mov eax, dword ptr fs:[00000030h]4_2_6D89FF10
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D804F2E mov eax, dword ptr fs:[00000030h]4_2_6D804F2E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D804F2E mov eax, dword ptr fs:[00000030h]4_2_6D804F2E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83E730 mov eax, dword ptr fs:[00000030h]4_2_6D83E730
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82B73D mov eax, dword ptr fs:[00000030h]4_2_6D82B73D
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82B73D mov eax, dword ptr fs:[00000030h]4_2_6D82B73D
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80A745 mov eax, dword ptr fs:[00000030h]4_2_6D80A745
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83DF4C mov eax, dword ptr fs:[00000030h]4_2_6D83DF4C
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82E760 mov eax, dword ptr fs:[00000030h]4_2_6D82E760
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82E760 mov eax, dword ptr fs:[00000030h]4_2_6D82E760
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8F6A mov eax, dword ptr fs:[00000030h]4_2_6D8D8F6A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D832F70 mov eax, dword ptr fs:[00000030h]4_2_6D832F70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D832F70 mov eax, dword ptr fs:[00000030h]4_2_6D832F70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D832F70 mov eax, dword ptr fs:[00000030h]4_2_6D832F70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D832F70 mov eax, dword ptr fs:[00000030h]4_2_6D832F70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D832F70 mov eax, dword ptr fs:[00000030h]4_2_6D832F70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D832F70 mov eax, dword ptr fs:[00000030h]4_2_6D832F70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D832F70 mov eax, dword ptr fs:[00000030h]4_2_6D832F70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D803E80 mov eax, dword ptr fs:[00000030h]4_2_6D803E80
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D803E80 mov eax, dword ptr fs:[00000030h]4_2_6D803E80
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83DE9E mov eax, dword ptr fs:[00000030h]4_2_6D83DE9E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83DE9E mov eax, dword ptr fs:[00000030h]4_2_6D83DE9E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83DE9E mov eax, dword ptr fs:[00000030h]4_2_6D83DE9E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D892EA3 mov eax, dword ptr fs:[00000030h]4_2_6D892EA3
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8846A7 mov eax, dword ptr fs:[00000030h]4_2_6D8846A7
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8336CC mov eax, dword ptr fs:[00000030h]4_2_6D8336CC
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8ED6 mov eax, dword ptr fs:[00000030h]4_2_6D8D8ED6
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D843EE4 mov eax, dword ptr fs:[00000030h]4_2_6D843EE4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D843EE4 mov eax, dword ptr fs:[00000030h]4_2_6D843EE4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D843EE4 mov eax, dword ptr fs:[00000030h]4_2_6D843EE4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8316E0 mov ecx, dword ptr fs:[00000030h]4_2_6D8316E0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8176E2 mov eax, dword ptr fs:[00000030h]4_2_6D8176E2
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80C600 mov eax, dword ptr fs:[00000030h]4_2_6D80C600
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80C600 mov eax, dword ptr fs:[00000030h]4_2_6D80C600
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80C600 mov eax, dword ptr fs:[00000030h]4_2_6D80C600
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D892E14 mov eax, dword ptr fs:[00000030h]4_2_6D892E14
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D840E21 mov eax, dword ptr fs:[00000030h]4_2_6D840E21
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8BFE3F mov eax, dword ptr fs:[00000030h]4_2_6D8BFE3F
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80A63B mov eax, dword ptr fs:[00000030h]4_2_6D80A63B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80A63B mov eax, dword ptr fs:[00000030h]4_2_6D80A63B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D833E70 mov eax, dword ptr fs:[00000030h]4_2_6D833E70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82C182 mov eax, dword ptr fs:[00000030h]4_2_6D82C182
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8CA189 mov eax, dword ptr fs:[00000030h]4_2_6D8CA189
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8CA189 mov ecx, dword ptr fs:[00000030h]4_2_6D8CA189
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83A185 mov eax, dword ptr fs:[00000030h]4_2_6D83A185
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D834190 mov eax, dword ptr fs:[00000030h]4_2_6D834190
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80519E mov eax, dword ptr fs:[00000030h]4_2_6D80519E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80519E mov ecx, dword ptr fs:[00000030h]4_2_6D80519E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8361A0 mov eax, dword ptr fs:[00000030h]4_2_6D8361A0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8361A0 mov eax, dword ptr fs:[00000030h]4_2_6D8361A0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C49A4 mov eax, dword ptr fs:[00000030h]4_2_6D8C49A4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C49A4 mov eax, dword ptr fs:[00000030h]4_2_6D8C49A4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C49A4 mov eax, dword ptr fs:[00000030h]4_2_6D8C49A4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C49A4 mov eax, dword ptr fs:[00000030h]4_2_6D8C49A4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8299BF mov ecx, dword ptr fs:[00000030h]4_2_6D8299BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8299BF mov ecx, dword ptr fs:[00000030h]4_2_6D8299BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8299BF mov eax, dword ptr fs:[00000030h]4_2_6D8299BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8299BF mov ecx, dword ptr fs:[00000030h]4_2_6D8299BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8299BF mov ecx, dword ptr fs:[00000030h]4_2_6D8299BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8299BF mov eax, dword ptr fs:[00000030h]4_2_6D8299BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8299BF mov ecx, dword ptr fs:[00000030h]4_2_6D8299BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8299BF mov ecx, dword ptr fs:[00000030h]4_2_6D8299BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8299BF mov eax, dword ptr fs:[00000030h]4_2_6D8299BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8299BF mov ecx, dword ptr fs:[00000030h]4_2_6D8299BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8299BF mov ecx, dword ptr fs:[00000030h]4_2_6D8299BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8299BF mov eax, dword ptr fs:[00000030h]4_2_6D8299BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8031E0 mov eax, dword ptr fs:[00000030h]4_2_6D8031E0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8941E8 mov eax, dword ptr fs:[00000030h]4_2_6D8941E8
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80B1E1 mov eax, dword ptr fs:[00000030h]4_2_6D80B1E1
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80B1E1 mov eax, dword ptr fs:[00000030h]4_2_6D80B1E1
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80B1E1 mov eax, dword ptr fs:[00000030h]4_2_6D80B1E1
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D89E7 mov eax, dword ptr fs:[00000030h]4_2_6D8D89E7
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D809100 mov eax, dword ptr fs:[00000030h]4_2_6D809100
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D809100 mov eax, dword ptr fs:[00000030h]4_2_6D809100
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D809100 mov eax, dword ptr fs:[00000030h]4_2_6D809100
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D810100 mov eax, dword ptr fs:[00000030h]4_2_6D810100
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D810100 mov eax, dword ptr fs:[00000030h]4_2_6D810100
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D810100 mov eax, dword ptr fs:[00000030h]4_2_6D810100
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D824120 mov eax, dword ptr fs:[00000030h]4_2_6D824120
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D824120 mov eax, dword ptr fs:[00000030h]4_2_6D824120
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D824120 mov eax, dword ptr fs:[00000030h]4_2_6D824120
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D824120 mov eax, dword ptr fs:[00000030h]4_2_6D824120
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D824120 mov ecx, dword ptr fs:[00000030h]4_2_6D824120
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D803138 mov ecx, dword ptr fs:[00000030h]4_2_6D803138
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83513A mov eax, dword ptr fs:[00000030h]4_2_6D83513A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83513A mov eax, dword ptr fs:[00000030h]4_2_6D83513A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82B944 mov eax, dword ptr fs:[00000030h]4_2_6D82B944
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82B944 mov eax, dword ptr fs:[00000030h]4_2_6D82B944
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80395E mov eax, dword ptr fs:[00000030h]4_2_6D80395E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80395E mov eax, dword ptr fs:[00000030h]4_2_6D80395E
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8966 mov eax, dword ptr fs:[00000030h]4_2_6D8D8966
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80B171 mov eax, dword ptr fs:[00000030h]4_2_6D80B171
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80B171 mov eax, dword ptr fs:[00000030h]4_2_6D80B171
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D803880 mov eax, dword ptr fs:[00000030h]4_2_6D803880
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D803880 mov eax, dword ptr fs:[00000030h]4_2_6D803880
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D883884 mov eax, dword ptr fs:[00000030h]4_2_6D883884
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D883884 mov eax, dword ptr fs:[00000030h]4_2_6D883884
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8490AF mov eax, dword ptr fs:[00000030h]4_2_6D8490AF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8128AE mov eax, dword ptr fs:[00000030h]4_2_6D8128AE
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8128AE mov eax, dword ptr fs:[00000030h]4_2_6D8128AE
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8128AE mov eax, dword ptr fs:[00000030h]4_2_6D8128AE
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8128AE mov ecx, dword ptr fs:[00000030h]4_2_6D8128AE
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8128AE mov eax, dword ptr fs:[00000030h]4_2_6D8128AE
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8128AE mov eax, dword ptr fs:[00000030h]4_2_6D8128AE
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80E8B0 mov eax, dword ptr fs:[00000030h]4_2_6D80E8B0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80E8B0 mov eax, dword ptr fs:[00000030h]4_2_6D80E8B0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80E8B0 mov eax, dword ptr fs:[00000030h]4_2_6D80E8B0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80E8B0 mov eax, dword ptr fs:[00000030h]4_2_6D80E8B0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80E8B0 mov eax, dword ptr fs:[00000030h]4_2_6D80E8B0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80E8B0 mov eax, dword ptr fs:[00000030h]4_2_6D80E8B0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83F0BF mov ecx, dword ptr fs:[00000030h]4_2_6D83F0BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83F0BF mov eax, dword ptr fs:[00000030h]4_2_6D83F0BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83F0BF mov eax, dword ptr fs:[00000030h]4_2_6D83F0BF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8070C0 mov eax, dword ptr fs:[00000030h]4_2_6D8070C0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8070C0 mov eax, dword ptr fs:[00000030h]4_2_6D8070C0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89B8D0 mov eax, dword ptr fs:[00000030h]4_2_6D89B8D0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89B8D0 mov ecx, dword ptr fs:[00000030h]4_2_6D89B8D0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89B8D0 mov eax, dword ptr fs:[00000030h]4_2_6D89B8D0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89B8D0 mov eax, dword ptr fs:[00000030h]4_2_6D89B8D0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89B8D0 mov eax, dword ptr fs:[00000030h]4_2_6D89B8D0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D89B8D0 mov eax, dword ptr fs:[00000030h]4_2_6D89B8D0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8040E1 mov eax, dword ptr fs:[00000030h]4_2_6D8040E1
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8040E1 mov eax, dword ptr fs:[00000030h]4_2_6D8040E1
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8040E1 mov eax, dword ptr fs:[00000030h]4_2_6D8040E1
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82B8E4 mov eax, dword ptr fs:[00000030h]4_2_6D82B8E4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82B8E4 mov eax, dword ptr fs:[00000030h]4_2_6D82B8E4
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8058EC mov eax, dword ptr fs:[00000030h]4_2_6D8058EC
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8128FD mov eax, dword ptr fs:[00000030h]4_2_6D8128FD
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8128FD mov eax, dword ptr fs:[00000030h]4_2_6D8128FD
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8128FD mov eax, dword ptr fs:[00000030h]4_2_6D8128FD
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D818800 mov eax, dword ptr fs:[00000030h]4_2_6D818800
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8DF019 mov eax, dword ptr fs:[00000030h]4_2_6D8DF019
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8DF019 mov eax, dword ptr fs:[00000030h]4_2_6D8DF019
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D4015 mov eax, dword ptr fs:[00000030h]4_2_6D8D4015
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D4015 mov eax, dword ptr fs:[00000030h]4_2_6D8D4015
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80F018 mov eax, dword ptr fs:[00000030h]4_2_6D80F018
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80F018 mov eax, dword ptr fs:[00000030h]4_2_6D80F018
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D834020 mov edi, dword ptr fs:[00000030h]4_2_6D834020
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81B02A mov eax, dword ptr fs:[00000030h]4_2_6D81B02A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81B02A mov eax, dword ptr fs:[00000030h]4_2_6D81B02A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81B02A mov eax, dword ptr fs:[00000030h]4_2_6D81B02A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D81B02A mov eax, dword ptr fs:[00000030h]4_2_6D81B02A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A830 mov eax, dword ptr fs:[00000030h]4_2_6D82A830
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A830 mov eax, dword ptr fs:[00000030h]4_2_6D82A830
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A830 mov eax, dword ptr fs:[00000030h]4_2_6D82A830
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A830 mov eax, dword ptr fs:[00000030h]4_2_6D82A830
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D805050 mov eax, dword ptr fs:[00000030h]4_2_6D805050
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D805050 mov eax, dword ptr fs:[00000030h]4_2_6D805050
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D805050 mov eax, dword ptr fs:[00000030h]4_2_6D805050
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D807055 mov eax, dword ptr fs:[00000030h]4_2_6D807055
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82F86D mov eax, dword ptr fs:[00000030h]4_2_6D82F86D
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C2073 mov eax, dword ptr fs:[00000030h]4_2_6D8C2073
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8AEB8A mov ecx, dword ptr fs:[00000030h]4_2_6D8AEB8A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8AEB8A mov eax, dword ptr fs:[00000030h]4_2_6D8AEB8A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8AEB8A mov eax, dword ptr fs:[00000030h]4_2_6D8AEB8A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8AEB8A mov eax, dword ptr fs:[00000030h]4_2_6D8AEB8A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C138A mov eax, dword ptr fs:[00000030h]4_2_6D8C138A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D804B94 mov edi, dword ptr fs:[00000030h]4_2_6D804B94
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C1BA8 mov eax, dword ptr fs:[00000030h]4_2_6D8C1BA8
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D834BAD mov eax, dword ptr fs:[00000030h]4_2_6D834BAD
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D834BAD mov eax, dword ptr fs:[00000030h]4_2_6D834BAD
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D834BAD mov eax, dword ptr fs:[00000030h]4_2_6D834BAD
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D9BBE mov eax, dword ptr fs:[00000030h]4_2_6D8D9BBE
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8BB6 mov eax, dword ptr fs:[00000030h]4_2_6D8D8BB6
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8B23E3 mov ecx, dword ptr fs:[00000030h]4_2_6D8B23E3
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8B23E3 mov ecx, dword ptr fs:[00000030h]4_2_6D8B23E3
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8B23E3 mov eax, dword ptr fs:[00000030h]4_2_6D8B23E3
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D801BE9 mov eax, dword ptr fs:[00000030h]4_2_6D801BE9
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8023F6 mov eax, dword ptr fs:[00000030h]4_2_6D8023F6
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A309 mov eax, dword ptr fs:[00000030h]4_2_6D82A309
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C131B mov eax, dword ptr fs:[00000030h]4_2_6D8C131B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D894320 mov eax, dword ptr fs:[00000030h]4_2_6D894320
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80F340 mov eax, dword ptr fs:[00000030h]4_2_6D80F340
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D80DB40 mov eax, dword ptr fs:[00000030h]4_2_6D80DB40
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8D8B58 mov eax, dword ptr fs:[00000030h]4_2_6D8D8B58
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D833B5A mov eax, dword ptr fs:[00000030h]4_2_6D833B5A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D833B5A mov eax, dword ptr fs:[00000030h]4_2_6D833B5A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D833B5A mov eax, dword ptr fs:[00000030h]4_2_6D833B5A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D833B5A mov eax, dword ptr fs:[00000030h]4_2_6D833B5A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D833B7A mov eax, dword ptr fs:[00000030h]4_2_6D833B7A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D833B7A mov eax, dword ptr fs:[00000030h]4_2_6D833B7A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83D294 mov eax, dword ptr fs:[00000030h]4_2_6D83D294
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83D294 mov eax, dword ptr fs:[00000030h]4_2_6D83D294
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D801AA0 mov eax, dword ptr fs:[00000030h]4_2_6D801AA0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D835AA0 mov eax, dword ptr fs:[00000030h]4_2_6D835AA0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D835AA0 mov eax, dword ptr fs:[00000030h]4_2_6D835AA0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8052A5 mov eax, dword ptr fs:[00000030h]4_2_6D8052A5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8052A5 mov eax, dword ptr fs:[00000030h]4_2_6D8052A5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8052A5 mov eax, dword ptr fs:[00000030h]4_2_6D8052A5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8052A5 mov eax, dword ptr fs:[00000030h]4_2_6D8052A5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8052A5 mov eax, dword ptr fs:[00000030h]4_2_6D8052A5
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8312BD mov esi, dword ptr fs:[00000030h]4_2_6D8312BD
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8312BD mov eax, dword ptr fs:[00000030h]4_2_6D8312BD
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8312BD mov eax, dword ptr fs:[00000030h]4_2_6D8312BD
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D805AC0 mov eax, dword ptr fs:[00000030h]4_2_6D805AC0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D805AC0 mov eax, dword ptr fs:[00000030h]4_2_6D805AC0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D805AC0 mov eax, dword ptr fs:[00000030h]4_2_6D805AC0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D803ACA mov eax, dword ptr fs:[00000030h]4_2_6D803ACA
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8C4AEF mov eax, dword ptr fs:[00000030h]4_2_6D8C4AEF
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D818A0A mov eax, dword ptr fs:[00000030h]4_2_6D818A0A
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D805210 mov eax, dword ptr fs:[00000030h]4_2_6D805210
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D805210 mov ecx, dword ptr fs:[00000030h]4_2_6D805210
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D805210 mov eax, dword ptr fs:[00000030h]4_2_6D805210
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D805210 mov eax, dword ptr fs:[00000030h]4_2_6D805210
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D823A1C mov eax, dword ptr fs:[00000030h]4_2_6D823A1C
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D804A20 mov eax, dword ptr fs:[00000030h]4_2_6D804A20
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D804A20 mov eax, dword ptr fs:[00000030h]4_2_6D804A20
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D88EA20 mov eax, dword ptr fs:[00000030h]4_2_6D88EA20
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A229 mov eax, dword ptr fs:[00000030h]4_2_6D82A229
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A229 mov eax, dword ptr fs:[00000030h]4_2_6D82A229
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A229 mov eax, dword ptr fs:[00000030h]4_2_6D82A229
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A229 mov eax, dword ptr fs:[00000030h]4_2_6D82A229
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A229 mov eax, dword ptr fs:[00000030h]4_2_6D82A229
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A229 mov eax, dword ptr fs:[00000030h]4_2_6D82A229
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A229 mov eax, dword ptr fs:[00000030h]4_2_6D82A229
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A229 mov eax, dword ptr fs:[00000030h]4_2_6D82A229
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D82A229 mov eax, dword ptr fs:[00000030h]4_2_6D82A229
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D808239 mov eax, dword ptr fs:[00000030h]4_2_6D808239
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D808239 mov eax, dword ptr fs:[00000030h]4_2_6D808239
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D808239 mov eax, dword ptr fs:[00000030h]4_2_6D808239
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D802240 mov ecx, dword ptr fs:[00000030h]4_2_6D802240
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D802240 mov eax, dword ptr fs:[00000030h]4_2_6D802240
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D809240 mov eax, dword ptr fs:[00000030h]4_2_6D809240
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D809240 mov eax, dword ptr fs:[00000030h]4_2_6D809240
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D809240 mov eax, dword ptr fs:[00000030h]4_2_6D809240
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D809240 mov eax, dword ptr fs:[00000030h]4_2_6D809240
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D894248 mov eax, dword ptr fs:[00000030h]4_2_6D894248
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D894257 mov eax, dword ptr fs:[00000030h]4_2_6D894257
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8BB260 mov eax, dword ptr fs:[00000030h]4_2_6D8BB260
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8BB260 mov eax, dword ptr fs:[00000030h]4_2_6D8BB260
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D84927A mov eax, dword ptr fs:[00000030h]4_2_6D84927A
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FA745 mov eax, dword ptr fs:[00000030h]14_2_6F4FA745
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52DF4C mov eax, dword ptr fs:[00000030h]14_2_6F52DF4C
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F522F70 mov eax, dword ptr fs:[00000030h]14_2_6F522F70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F522F70 mov eax, dword ptr fs:[00000030h]14_2_6F522F70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F522F70 mov eax, dword ptr fs:[00000030h]14_2_6F522F70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F522F70 mov eax, dword ptr fs:[00000030h]14_2_6F522F70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F522F70 mov eax, dword ptr fs:[00000030h]14_2_6F522F70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F522F70 mov eax, dword ptr fs:[00000030h]14_2_6F522F70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F522F70 mov eax, dword ptr fs:[00000030h]14_2_6F522F70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F6F60 mov eax, dword ptr fs:[00000030h]14_2_6F4F6F60
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F6F60 mov eax, dword ptr fs:[00000030h]14_2_6F4F6F60
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51E760 mov eax, dword ptr fs:[00000030h]14_2_6F51E760
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51E760 mov eax, dword ptr fs:[00000030h]14_2_6F51E760
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8F6A mov eax, dword ptr fs:[00000030h]14_2_6F5C8F6A
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F524710 mov eax, dword ptr fs:[00000030h]14_2_6F524710
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51F716 mov eax, dword ptr fs:[00000030h]14_2_6F51F716
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F58FF10 mov eax, dword ptr fs:[00000030h]14_2_6F58FF10
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F58FF10 mov eax, dword ptr fs:[00000030h]14_2_6F58FF10
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F4F2E mov eax, dword ptr fs:[00000030h]14_2_6F4F4F2E
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F4F2E mov eax, dword ptr fs:[00000030h]14_2_6F4F4F2E
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52E730 mov eax, dword ptr fs:[00000030h]14_2_6F52E730
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51B73D mov eax, dword ptr fs:[00000030h]14_2_6F51B73D
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51B73D mov eax, dword ptr fs:[00000030h]14_2_6F51B73D
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F6730 mov eax, dword ptr fs:[00000030h]14_2_6F4F6730
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F6730 mov eax, dword ptr fs:[00000030h]14_2_6F4F6730
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F6730 mov eax, dword ptr fs:[00000030h]14_2_6F4F6730
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F3FC5 mov eax, dword ptr fs:[00000030h]14_2_6F4F3FC5
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F3FC5 mov eax, dword ptr fs:[00000030h]14_2_6F4F3FC5
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F3FC5 mov eax, dword ptr fs:[00000030h]14_2_6F4F3FC5
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5337F5 mov eax, dword ptr fs:[00000030h]14_2_6F5337F5
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5237EB mov eax, dword ptr fs:[00000030h]14_2_6F5237EB
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5237EB mov eax, dword ptr fs:[00000030h]14_2_6F5237EB
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5237EB mov eax, dword ptr fs:[00000030h]14_2_6F5237EB
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5237EB mov eax, dword ptr fs:[00000030h]14_2_6F5237EB
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5237EB mov eax, dword ptr fs:[00000030h]14_2_6F5237EB
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5237EB mov eax, dword ptr fs:[00000030h]14_2_6F5237EB
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5237EB mov eax, dword ptr fs:[00000030h]14_2_6F5237EB
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2FB0 mov eax, dword ptr fs:[00000030h]14_2_6F4F2FB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2FB0 mov eax, dword ptr fs:[00000030h]14_2_6F4F2FB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2FB0 mov eax, dword ptr fs:[00000030h]14_2_6F4F2FB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2FB0 mov ecx, dword ptr fs:[00000030h]14_2_6F4F2FB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2FB0 mov eax, dword ptr fs:[00000030h]14_2_6F4F2FB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2FB0 mov eax, dword ptr fs:[00000030h]14_2_6F4F2FB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2FB0 mov eax, dword ptr fs:[00000030h]14_2_6F4F2FB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2FB0 mov eax, dword ptr fs:[00000030h]14_2_6F4F2FB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2FB0 mov eax, dword ptr fs:[00000030h]14_2_6F4F2FB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2FB0 mov eax, dword ptr fs:[00000030h]14_2_6F4F2FB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F2FB0 mov eax, dword ptr fs:[00000030h]14_2_6F4F2FB0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F586652 mov eax, dword ptr fs:[00000030h]14_2_6F586652
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F523E70 mov eax, dword ptr fs:[00000030h]14_2_6F523E70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F582E14 mov eax, dword ptr fs:[00000030h]14_2_6F582E14
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FC600 mov eax, dword ptr fs:[00000030h]14_2_6F4FC600
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FC600 mov eax, dword ptr fs:[00000030h]14_2_6F4FC600
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FC600 mov eax, dword ptr fs:[00000030h]14_2_6F4FC600
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5AFE3F mov eax, dword ptr fs:[00000030h]14_2_6F5AFE3F
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F530E21 mov eax, dword ptr fs:[00000030h]14_2_6F530E21
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FA63B mov eax, dword ptr fs:[00000030h]14_2_6F4FA63B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FA63B mov eax, dword ptr fs:[00000030h]14_2_6F4FA63B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F575623 mov eax, dword ptr fs:[00000030h]14_2_6F575623
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F575623 mov eax, dword ptr fs:[00000030h]14_2_6F575623
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F575623 mov eax, dword ptr fs:[00000030h]14_2_6F575623
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F575623 mov eax, dword ptr fs:[00000030h]14_2_6F575623
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F575623 mov eax, dword ptr fs:[00000030h]14_2_6F575623
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F575623 mov eax, dword ptr fs:[00000030h]14_2_6F575623
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F575623 mov eax, dword ptr fs:[00000030h]14_2_6F575623
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F575623 mov eax, dword ptr fs:[00000030h]14_2_6F575623
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F575623 mov eax, dword ptr fs:[00000030h]14_2_6F575623
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8ED6 mov eax, dword ptr fs:[00000030h]14_2_6F5C8ED6
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5236CC mov eax, dword ptr fs:[00000030h]14_2_6F5236CC
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5216E0 mov ecx, dword ptr fs:[00000030h]14_2_6F5216E0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F533EE4 mov eax, dword ptr fs:[00000030h]14_2_6F533EE4
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F533EE4 mov eax, dword ptr fs:[00000030h]14_2_6F533EE4
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F533EE4 mov eax, dword ptr fs:[00000030h]14_2_6F533EE4
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52DE9E mov eax, dword ptr fs:[00000030h]14_2_6F52DE9E
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52DE9E mov eax, dword ptr fs:[00000030h]14_2_6F52DE9E
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52DE9E mov eax, dword ptr fs:[00000030h]14_2_6F52DE9E
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F3E80 mov eax, dword ptr fs:[00000030h]14_2_6F4F3E80
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F3E80 mov eax, dword ptr fs:[00000030h]14_2_6F4F3E80
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5746A7 mov eax, dword ptr fs:[00000030h]14_2_6F5746A7
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F582EA3 mov eax, dword ptr fs:[00000030h]14_2_6F582EA3
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F517D50 mov eax, dword ptr fs:[00000030h]14_2_6F517D50
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F354C mov eax, dword ptr fs:[00000030h]14_2_6F4F354C
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F354C mov eax, dword ptr fs:[00000030h]14_2_6F4F354C
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F533D43 mov eax, dword ptr fs:[00000030h]14_2_6F533D43
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5A3D40 mov eax, dword ptr fs:[00000030h]14_2_6F5A3D40
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51C577 mov eax, dword ptr fs:[00000030h]14_2_6F51C577
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F51C577 mov eax, dword ptr fs:[00000030h]14_2_6F51C577
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B3518 mov eax, dword ptr fs:[00000030h]14_2_6F5B3518
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B3518 mov eax, dword ptr fs:[00000030h]14_2_6F5B3518
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5B3518 mov eax, dword ptr fs:[00000030h]14_2_6F5B3518
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FF51D mov eax, dword ptr fs:[00000030h]14_2_6F4FF51D
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8D34 mov eax, dword ptr fs:[00000030h]14_2_6F5C8D34
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F524D3B mov eax, dword ptr fs:[00000030h]14_2_6F524D3B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F524D3B mov eax, dword ptr fs:[00000030h]14_2_6F524D3B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F524D3B mov eax, dword ptr fs:[00000030h]14_2_6F524D3B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F521520 mov eax, dword ptr fs:[00000030h]14_2_6F521520
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F521520 mov eax, dword ptr fs:[00000030h]14_2_6F521520
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F521520 mov eax, dword ptr fs:[00000030h]14_2_6F521520
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F521520 mov eax, dword ptr fs:[00000030h]14_2_6F521520
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F521520 mov eax, dword ptr fs:[00000030h]14_2_6F521520
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4FAD30 mov eax, dword ptr fs:[00000030h]14_2_6F4FAD30
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5AFDD3 mov eax, dword ptr fs:[00000030h]14_2_6F5AFDD3
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F15C1 mov eax, dword ptr fs:[00000030h]14_2_6F4F15C1
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5A8DF1 mov eax, dword ptr fs:[00000030h]14_2_6F5A8DF1
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5295EC mov eax, dword ptr fs:[00000030h]14_2_6F5295EC
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F95F0 mov eax, dword ptr fs:[00000030h]14_2_6F4F95F0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F95F0 mov ecx, dword ptr fs:[00000030h]14_2_6F4F95F0
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5BB581 mov eax, dword ptr fs:[00000030h]14_2_6F5BB581
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5BB581 mov eax, dword ptr fs:[00000030h]14_2_6F5BB581
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5BB581 mov eax, dword ptr fs:[00000030h]14_2_6F5BB581
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5BB581 mov eax, dword ptr fs:[00000030h]14_2_6F5BB581
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F4F3591 mov eax, dword ptr fs:[00000030h]14_2_6F4F3591
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F521DB5 mov eax, dword ptr fs:[00000030h]14_2_6F521DB5
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F521DB5 mov eax, dword ptr fs:[00000030h]14_2_6F521DB5
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F521DB5 mov eax, dword ptr fs:[00000030h]14_2_6F521DB5
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5235A1 mov eax, dword ptr fs:[00000030h]14_2_6F5235A1
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F5C8450 mov eax, dword ptr fs:[00000030h]14_2_6F5C8450
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F535C70 mov eax, dword ptr fs:[00000030h]14_2_6F535C70
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F50FC77 mov eax, dword ptr fs:[00000030h]14_2_6F50FC77
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F50FC77 mov eax, dword ptr fs:[00000030h]14_2_6F50FC77
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F50FC77 mov eax, dword ptr fs:[00000030h]14_2_6F50FC77
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F50FC77 mov eax, dword ptr fs:[00000030h]14_2_6F50FC77
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52AC7B mov eax, dword ptr fs:[00000030h]14_2_6F52AC7B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52AC7B mov eax, dword ptr fs:[00000030h]14_2_6F52AC7B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52AC7B mov eax, dword ptr fs:[00000030h]14_2_6F52AC7B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52AC7B mov eax, dword ptr fs:[00000030h]14_2_6F52AC7B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52AC7B mov eax, dword ptr fs:[00000030h]14_2_6F52AC7B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52AC7B mov eax, dword ptr fs:[00000030h]14_2_6F52AC7B
                  Source: C:\Users\user\AppData\Roaming\ahafdusCode function: 14_2_6F52AC7B mov eax, dword ptr fs:[00000030h]14_2_6F52AC7B
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 0_2_00406C70 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00406C70
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 0_2_00406110 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00406110

                  HIPS / PFW / Operating System Protection Evasion:

                  barindex
                  Benign windows process drops PE filesShow sources
                  Source: C:\Windows\explorer.exeFile created: ahafdus.6.drJump to dropped file
                  System process connects to network (likely due to code injection or exploit)Show sources
                  Source: C:\Windows\explorer.exeDomain query: hewilldoit.xyz
                  Contains functionality to inject code into remote processesShow sources
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 0_2_03390110 VirtualAlloc,GetModuleFileNameA,CreateProcessA,VirtualFree,VirtualAlloc,GetThreadContext,ReadProcessMemory,NtUnmapViewOfSection,VirtualAllocEx,NtWriteVirtualMemory,NtWriteVirtualMemory,WriteProcessMemory,SetThreadContext,ResumeThread,ExitProcess,0_2_03390110
                  Creates a thread in another existing process (thread injection)Show sources
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeThread created: C:\Windows\explorer.exe EIP: 31A18B8Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusThread created: unknown EIP: 4F418B8Jump to behavior
                  Injects a PE file into a foreign processesShow sources
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeMemory written: C:\Users\user\Desktop\xax2K3BWhm.exe base: 400000 value starts with: 4D5AJump to behavior
                  Maps a DLL or memory area into another processShow sources
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeProcess created: C:\Users\user\Desktop\xax2K3BWhm.exe 'C:\Users\user\Desktop\xax2K3BWhm.exe' Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\ahafdusProcess created: C:\Users\user\AppData\Roaming\ahafdus C:\Users\user\AppData\Roaming\ahafdusJump to behavior
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D83E730 RtlDecodePointer,ZwQueryInformationProcess,RtlRaiseStatus,RtlAllocateAndInitializeSid,RtlAllocateHeap,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,4_2_6D83E730
                  Source: explorer.exe, 00000006.00000000.698013064.0000000000AD8000.00000004.00000020.sdmpBinary or memory string: ProgmanMD6
                  Source: explorer.exe, 00000006.00000000.670486150.0000000001080000.00000002.00000001.sdmpBinary or memory string: Program Manager
                  Source: explorer.exe, 00000006.00000000.683863365.0000000005E50000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd
                  Source: explorer.exe, 00000006.00000000.670486150.0000000001080000.00000002.00000001.sdmpBinary or memory string: Progman
                  Source: explorer.exe, 00000006.00000000.670486150.0000000001080000.00000002.00000001.sdmpBinary or memory string: Progmanlock
                  Source: explorer.exe, 00000006.00000000.687556430.000000000A716000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd5D
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 0_2_004019C0 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_004019C0
                  Source: C:\Users\user\Desktop\xax2K3BWhm.exeCode function: 4_2_6D8065A0 RtlpGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwQueryLicenseValue,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetVersion,4_2_6D8065A0
                  Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information:

                  barindex
                  Yara detected SmokeLoaderShow sources
                  Source: Yara matchFile source: 0000000E.00000002.788412687.00000000004A0000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.715843467.0000000000580000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.715911224.0000000001F61000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000E.00000002.788476185.0000000000521000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 4.1.xax2K3BWhm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 14.1.ahafdus.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.xax2K3BWhm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 14.2.ahafdus.400000.0.unpack, type: UNPACKEDPE

                  Remote Access Functionality:

                  barindex
                  Yara detected SmokeLoaderShow sources
                  Source: Yara matchFile source: 0000000E.00000002.788412687.00000000004A0000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.715843467.0000000000580000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.715911224.0000000001F61000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000E.00000002.788476185.0000000000521000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 4.1.xax2K3BWhm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 14.1.ahafdus.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.xax2K3BWhm.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 14.2.ahafdus.400000.0.unpack, type: UNPACKEDPE

                  Mitre Att&ck Matrix

                  Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                  Valid AccountsNative API1DLL Side-Loading11Process Injection512Masquerading11OS Credential DumpingSystem Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                  Default AccountsExploitation for Client Execution1Boot or Logon Initialization ScriptsDLL Side-Loading11Virtualization/Sandbox Evasion12LSASS MemorySecurity Software Discovery431Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothNon-Application Layer Protocol1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                  Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection512Security Account ManagerVirtualization/Sandbox Evasion12SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationApplication Layer Protocol12Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                  Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSProcess Discovery2Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
                  Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptHidden Files and Directories1LSA SecretsApplication Window Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                  Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information3Cached Domain CredentialsSystem Information Discovery5VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                  External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing11DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                  Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobTimestomp1Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                  Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)DLL Side-Loading11/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                  Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)File Deletion1Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 signatures2 2 Behavior Graph ID: 435322 Sample: xax2K3BWhm.exe Startdate: 16/06/2021 Architecture: WINDOWS Score: 100 41 Found malware configuration 2->41 43 Multi AV Scanner detection for submitted file 2->43 45 Yara detected SmokeLoader 2->45 47 3 other signatures 2->47 6 ahafdus 2->6         started        9 xax2K3BWhm.exe 2->9         started        11 explorer.exe 2 2->11         started        process3 dnsIp4 49 Multi AV Scanner detection for dropped file 6->49 51 DLL reload attack detected 6->51 53 Detected unpacking (changes PE section rights) 6->53 55 Machine Learning detection for dropped file 6->55 15 ahafdus 1 6->15         started        57 Contains functionality to inject code into remote processes 9->57 59 Injects a PE file into a foreign processes 9->59 19 xax2K3BWhm.exe 1 9->19         started        27 hewilldoit.xyz 185.45.192.246, 443, 49757 HSAE United Arab Emirates 11->27 29 192.168.2.1 unknown unknown 11->29 21 C:\Users\user\AppData\Roaming\ahafdus, PE32 11->21 dropped 23 C:\Users\user\...\ahafdus:Zone.Identifier, ASCII 11->23 dropped 61 System process connects to network (likely due to code injection or exploit) 11->61 63 Benign windows process drops PE files 11->63 65 Performs DNS queries to domains with low reputation 11->65 67 2 other signatures 11->67 file5 signatures6 process7 file8 25 C:\Users\user\AppData\Local\Temp\BCCB.tmp, PE32 15->25 dropped 31 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 15->31 33 Renames NTDLL to bypass HIPS 15->33 35 Maps a DLL or memory area into another process 15->35 37 Checks if the current machine is a virtual machine (disk enumeration) 19->37 39 Creates a thread in another existing process (thread injection) 19->39 signatures9

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  xax2K3BWhm.exe45%ReversingLabsWin32.Trojan.Pwsx
                  xax2K3BWhm.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Users\user\AppData\Roaming\ahafdus100%Joe Sandbox ML
                  C:\Users\user\AppData\Local\Temp\BCCB.tmp0%MetadefenderBrowse
                  C:\Users\user\AppData\Local\Temp\BCCB.tmp2%ReversingLabs
                  C:\Users\user\AppData\Roaming\ahafdus45%ReversingLabsWin32.Trojan.Pwsx

                  Unpacked PE Files

                  SourceDetectionScannerLabelLinkDownload
                  4.1.xax2K3BWhm.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                  14.1.ahafdus.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                  4.2.xax2K3BWhm.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                  14.2.ahafdus.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

                  Domains

                  No Antivirus matches

                  URLs

                  SourceDetectionScannerLabelLink
                  http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                  http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                  http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                  http://www.tiro.com0%URL Reputationsafe
                  http://www.tiro.com0%URL Reputationsafe
                  http://www.tiro.com0%URL Reputationsafe
                  http://www.goodfont.co.kr0%URL Reputationsafe
                  http://www.goodfont.co.kr0%URL Reputationsafe
                  http://www.goodfont.co.kr0%URL Reputationsafe
                  https://hewilldoit.xyz/zizi/0%Avira URL Cloudsafe
                  http://www.carterandcone.coml0%URL Reputationsafe
                  http://www.carterandcone.coml0%URL Reputationsafe
                  http://www.carterandcone.coml0%URL Reputationsafe
                  http://www.sajatypeworks.com0%URL Reputationsafe
                  http://www.sajatypeworks.com0%URL Reputationsafe
                  http://www.sajatypeworks.com0%URL Reputationsafe
                  http://www.typography.netD0%URL Reputationsafe
                  http://www.typography.netD0%URL Reputationsafe
                  http://www.typography.netD0%URL Reputationsafe
                  http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                  http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                  http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                  http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                  http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                  http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                  http://fontfabrik.com0%URL Reputationsafe
                  http://fontfabrik.com0%URL Reputationsafe
                  http://fontfabrik.com0%URL Reputationsafe
                  http://www.founder.com.cn/cn0%URL Reputationsafe
                  http://www.founder.com.cn/cn0%URL Reputationsafe
                  http://www.founder.com.cn/cn0%URL Reputationsafe
                  http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                  http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                  http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                  http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                  http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                  http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                  http://www.%s.comPA0%URL Reputationsafe
                  http://www.%s.comPA0%URL Reputationsafe
                  http://www.%s.comPA0%URL Reputationsafe
                  http://www.sandoll.co.kr0%URL Reputationsafe
                  http://www.sandoll.co.kr0%URL Reputationsafe
                  http://www.sandoll.co.kr0%URL Reputationsafe
                  http://www.urwpp.deDPlease0%URL Reputationsafe
                  http://www.urwpp.deDPlease0%URL Reputationsafe
                  http://www.urwpp.deDPlease0%URL Reputationsafe
                  https://hehasdoneit.xyz/zizi/0%Avira URL Cloudsafe
                  http://www.zhongyicts.com.cn0%URL Reputationsafe
                  http://www.zhongyicts.com.cn0%URL Reputationsafe
                  http://www.zhongyicts.com.cn0%URL Reputationsafe
                  http://www.sakkal.com0%URL Reputationsafe
                  http://www.sakkal.com0%URL Reputationsafe
                  http://www.sakkal.com0%URL Reputationsafe

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  hewilldoit.xyz
                  		185.45.192.246
                  		truetrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://hewilldoit.xyz/zizi/true
                    • Avira URL Cloud: safe
                    		unknown
                    https://hehasdoneit.xyz/zizi/true
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                      		high
                      http://www.fontbureau.comexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                        		high
                        http://www.fontbureau.com/designersGexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                          		high
                          http://www.fontbureau.com/designers/?explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                            		high
                            http://www.founder.com.cn/cn/bTheexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers?explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                              		high
                              http://www.tiro.comexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designersexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                		high
                                http://www.goodfont.co.krexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.carterandcone.comlexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.sajatypeworks.comexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.typography.netDexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.founder.com.cn/cn/cTheexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://fontfabrik.comexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.founder.com.cn/cnexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designers/frere-user.htmlexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.jiyu-kobo.co.jp/explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers8explorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.%s.comPAexplorer.exe, 00000006.00000000.670999978.0000000002B50000.00000002.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		low
                                      http://www.fonts.comexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                        		high
                                        http://www.sandoll.co.krexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.urwpp.deDPleaseexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.zhongyicts.com.cnexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.sakkal.comexplorer.exe, 00000006.00000000.689116925.000000000B976000.00000002.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown

                                        Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public

                                        IPDomainCountryFlagASNASN NameMalicious
                                        185.45.192.246
                                        		hewilldoit.xyzUnited Arab Emirates
                                        		60117HSAEtrue

                                        Private

                                        IP
                                        192.168.2.1

                                        General Information

                                        Joe Sandbox Version:32.0.0 Black Diamond
                                        Analysis ID:435322
                                        Start date:16.06.2021
                                        Start time:12:16:42
                                        Joe Sandbox Product:CloudBasic
                                        Overall analysis duration:0h 9m 41s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Sample file name:xax2K3BWhm.exe
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                        Number of analysed new started processes analysed:18
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • HDC enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Detection:MAL
                                        Classification:mal100.troj.evad.winEXE@6/4@1/2
                                        EGA Information:Failed
                                        HDC Information:
                                        • Successful, ratio: 15.2% (good quality ratio 13.2%)
                                        • Quality average: 51.7%
                                        • Quality standard deviation: 29.2%
                                        HCA Information:Failed
                                        Cookbook Comments:
                                        • Adjust boot time
                                        • Enable AMSI
                                        • Found application associated with file extension: .exe
                                        Warnings:
                                        Show All
                                        • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                        • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                        • Excluded IPs from analysis (whitelisted): 131.253.33.200, 13.107.22.200, 20.49.157.6, 52.113.196.254, 13.64.90.137, 13.107.3.254, 13.107.253.254, 52.147.198.201, 23.211.6.115, 205.185.216.10, 205.185.216.42, 20.54.7.98, 40.112.88.60, 80.67.82.235, 80.67.82.211, 20.50.102.62
                                        • Excluded domains from analysis (whitelisted): s-ring.msedge.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, teams-9999.teams-msedge.net, e12564.dspb.akamaiedge.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, www.bing.com, skypedataprdcolwus17.cloudapp.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, s-ring.s-9999.s-msedge.net, t-ring.msedge.net, dual-a-0001.dc-msedge.net, t-9999.fb-t-msedge.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, s-9999.s-msedge.net, store-images.s-microsoft.com, iris-de-ppe-azsc-uks.uksouth.cloudapp.azure.com, blobcollector.events.data.trafficmanager.net, teams-ring.teams-9999.teams-msedge.net, teams-ring.msedge.net, t-ring.t-9999.t-msedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, neu-consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net
                                        • VT rate limit hit for: /opt/package/joesandbox/database/analysis/435322/sample/xax2K3BWhm.exe

                                        Simulations

                                        Behavior and APIs

                                        TimeTypeDescription
                                        12:18:19Task SchedulerRun new task: Firefox Default Browser Agent 52341AE72BE32359 path: C:\Users\user\AppData\Roaming\ahafdus

                                        Joe Sandbox View / Context

                                        IPs

                                        No context

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        hewilldoit.xyzDEBIT NOTE.xlsxGet hashmaliciousBrowse
                                        • 194.169.160.179

                                        ASN

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        HSAECancellation_480942562_06082021.xlsmGet hashmaliciousBrowse
                                        • 185.45.192.236
                                        Cancellation_480942562_06082021.xlsmGet hashmaliciousBrowse
                                        • 185.45.192.236
                                        QB4b8Pxj7J.exeGet hashmaliciousBrowse
                                        • 185.198.57.121
                                        T0DwfJpncn.exeGet hashmaliciousBrowse
                                        • 185.198.57.121
                                        69d80bd2a76850dc24f4a91c82ef60f998afc28644394.exeGet hashmaliciousBrowse
                                        • 185.198.57.121
                                        Document_06022021_228219382_Copy.xlsmGet hashmaliciousBrowse
                                        • 185.183.98.25
                                        Document_06022021_228219382_Copy.xlsmGet hashmaliciousBrowse
                                        • 185.183.98.25
                                        Document_06022021_1157730537_Copy.xlsmGet hashmaliciousBrowse
                                        • 185.183.98.25
                                        Document_06022021_1157730537_Copy.xlsmGet hashmaliciousBrowse
                                        • 185.183.98.25
                                        Overdue_Debt_1535591908_06012021.xlsmGet hashmaliciousBrowse
                                        • 185.141.27.144
                                        Overdue_Debt_1535591908_06012021.xlsmGet hashmaliciousBrowse
                                        • 185.141.27.144
                                        21305177357_05272021.xlsmGet hashmaliciousBrowse
                                        • 185.117.73.134
                                        21305177357_05272021.xlsmGet hashmaliciousBrowse
                                        • 185.117.73.134
                                        21881755902_05272021.xlsmGet hashmaliciousBrowse
                                        • 185.117.73.134
                                        21881755902_05272021.xlsmGet hashmaliciousBrowse
                                        • 185.117.73.134
                                        Decline_1491125237_05262021.xlsmGet hashmaliciousBrowse
                                        • 185.183.96.223
                                        Decline_1491125237_05262021.xlsmGet hashmaliciousBrowse
                                        • 185.183.96.223
                                        cc859408_by_Libranalysis.xlsxGet hashmaliciousBrowse
                                        • 185.198.57.83
                                        cc859408_by_Libranalysis.xlsxGet hashmaliciousBrowse
                                        • 185.198.57.83
                                        ZLiyQKv0K4.exeGet hashmaliciousBrowse
                                        • 185.183.98.2

                                        JA3 Fingerprints

                                        No context

                                        Dropped Files

                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                        C:\Users\user\AppData\Local\Temp\BCCB.tmpEd2zaPhzUD.exeGet hashmaliciousBrowse
                                          ccbf1853c703609eda36bc07ab8eb2faf692153b56ecf.exeGet hashmaliciousBrowse
                                            OcLtW2CNjy.exeGet hashmaliciousBrowse
                                              pub2.exeGet hashmaliciousBrowse
                                                42sB3Upj67.exeGet hashmaliciousBrowse
                                                  RE6WxoVS7v.exeGet hashmaliciousBrowse
                                                    VvaBHdJoGY.exeGet hashmaliciousBrowse
                                                      051y0i7M8q.exeGet hashmaliciousBrowse
                                                        RdtoOe8Lzj.exeGet hashmaliciousBrowse
                                                          MwcrHqpRj7.exeGet hashmaliciousBrowse
                                                            jo3GzZMQBG.exeGet hashmaliciousBrowse
                                                              main_setup_x86x64.exeGet hashmaliciousBrowse
                                                                w4X8dxtGi6.exeGet hashmaliciousBrowse
                                                                  BrBsL8sBvm.exeGet hashmaliciousBrowse
                                                                    bL6FwQU4K5.exeGet hashmaliciousBrowse
                                                                      3JDjILxXaA.exeGet hashmaliciousBrowse
                                                                        o8RYFTZsuU.exeGet hashmaliciousBrowse
                                                                          MrjC4jkPL8.exeGet hashmaliciousBrowse
                                                                            qi3xLxAlDv.exeGet hashmaliciousBrowse
                                                                              Yl6482CO6U.exeGet hashmaliciousBrowse

                                                                                Created / dropped Files

                                                                                C:\Users\user\AppData\Local\Temp\BCCB.tmp
                                                                                Process:C:\Users\user\AppData\Roaming\ahafdus
                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):1622408
                                                                                Entropy (8bit):6.298350783524153
                                                                                Encrypted:false
                                                                                SSDEEP:24576:hNZ04UyDzGrVh8xsPCw3/dzcldJndozS35IW1q/kNVSYVEs4j13HLHGJImdV4q:dGrVr3hclvnqzS35IWk/LvRHb0
                                                                                MD5:BFA689ECA05147AFD466359DD4A144A3
                                                                                SHA1:B3474BE2B836567420F8DC96512AA303F31C8AFC
                                                                                SHA-256:B78463B94388FDDB34C03F5DDDD5D542E05CDED6D4E38C6A3588EC2C90F0070B
                                                                                SHA-512:8F09781FD585A6DFB8BBC34B9F153B414478B44B28D80A8B0BDC3BED687F3ADAB9E60F08CCEC5D5A3FD916E3091C845F9D96603749490B1F7001430408F711D4
                                                                                Malicious:false
                                                                                Antivirus:
                                                                                • Antivirus: Metadefender, Detection: 0%, Browse
                                                                                • Antivirus: ReversingLabs, Detection: 2%
                                                                                Joe Sandbox View:
                                                                                • Filename: Ed2zaPhzUD.exe, Detection: malicious, Browse
                                                                                • Filename: ccbf1853c703609eda36bc07ab8eb2faf692153b56ecf.exe, Detection: malicious, Browse
                                                                                • Filename: OcLtW2CNjy.exe, Detection: malicious, Browse
                                                                                • Filename: pub2.exe, Detection: malicious, Browse
                                                                                • Filename: 42sB3Upj67.exe, Detection: malicious, Browse
                                                                                • Filename: RE6WxoVS7v.exe, Detection: malicious, Browse
                                                                                • Filename: VvaBHdJoGY.exe, Detection: malicious, Browse
                                                                                • Filename: 051y0i7M8q.exe, Detection: malicious, Browse
                                                                                • Filename: RdtoOe8Lzj.exe, Detection: malicious, Browse
                                                                                • Filename: MwcrHqpRj7.exe, Detection: malicious, Browse
                                                                                • Filename: jo3GzZMQBG.exe, Detection: malicious, Browse
                                                                                • Filename: main_setup_x86x64.exe, Detection: malicious, Browse
                                                                                • Filename: w4X8dxtGi6.exe, Detection: malicious, Browse
                                                                                • Filename: BrBsL8sBvm.exe, Detection: malicious, Browse
                                                                                • Filename: bL6FwQU4K5.exe, Detection: malicious, Browse
                                                                                • Filename: 3JDjILxXaA.exe, Detection: malicious, Browse
                                                                                • Filename: o8RYFTZsuU.exe, Detection: malicious, Browse
                                                                                • Filename: MrjC4jkPL8.exe, Detection: malicious, Browse
                                                                                • Filename: qi3xLxAlDv.exe, Detection: malicious, Browse
                                                                                • Filename: Yl6482CO6U.exe, Detection: malicious, Browse
                                                                                Reputation:moderate, very likely benign file
                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L!y>.@.m.@.m.@.m...l.@.mg$.l.@.mg$.lN@.mg$.l.A.mg$.l.@.mg$.l.@.mg$.m.@.mg$.l.@.mRich.@.m........................PE..L...s<s............!.....,...................P....(K......................................@A.............................&..............8............h...Y.......N..`l..T............................................................................text....).......*.................. ..`RT...........@...................... ..`.data...dW...P.......0..............@....mrdata.h#.......$...>..............@....00cfg...............b..............@..@.rsrc...8............d..............@..@.reloc...N.......P..................@..B........................................................................................................................................................................................................................................
                                                                                C:\Users\user\AppData\Roaming\ahafdus
                                                                                Process:C:\Windows\explorer.exe
                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):297984
                                                                                Entropy (8bit):5.6203884195953275
                                                                                Encrypted:false
                                                                                SSDEEP:3072:sZCIbJFbQUyeB5cq3Dey3GLtXWxQokuWaPrKrQ1xZB0YWi8y94rMtQiSrX3:sZCYGUyeB57iy3MloRrtxhjtQiSrX3
                                                                                MD5:E3686E4E0ED04A1FD38BB5060CB2441E
                                                                                SHA1:7A6E59E6C01135AB4EC685DC8C6BF7835429C916
                                                                                SHA-256:1D1DBABC1C905C7153847C6BB5B88905942D414C4DBF39E3784DC9A62E1120DB
                                                                                SHA-512:F3D6360449FE4DD742B653EBB7F6E7756D8E1145C9D96564917D23A01CC0F3DC6288B551BCD7727562E20213EC7433820933DD4F3F45B5FF7E7FECE0A8DC4C6B
                                                                                Malicious:true
                                                                                Antivirus:
                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                • Antivirus: ReversingLabs, Detection: 45%
                                                                                Reputation:low
                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............m..m..m......m......m.......m.....m..l...m......m......m......m.Rich..m.................PE..L......^............................ .............@..........................`..............................................t2..P........'...................0......................................h*..@...............@............................text............................... ..`.rdata.............................@..@.data...<....@.......&..............@....rsrc....'.......(...B..............@..@.reloc... ...0..."...j..............@..B................................................................................................................................................................................................................................................................................................................................
                                                                                C:\Users\user\AppData\Roaming\ahafdus:Zone.Identifier
                                                                                Process:C:\Windows\explorer.exe
                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                Category:modified
                                                                                Size (bytes):26
                                                                                Entropy (8bit):3.95006375643621
                                                                                Encrypted:false
                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                Malicious:true
                                                                                Reputation:high, very likely benign file
                                                                                Preview: [ZoneTransfer]....ZoneId=0

                                                                                Static File Info

                                                                                General

                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                Entropy (8bit):5.6203884195953275
                                                                                TrID:
                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                File name:xax2K3BWhm.exe
                                                                                File size:297984
                                                                                MD5:e3686e4e0ed04a1fd38bb5060cb2441e
                                                                                SHA1:7a6e59e6c01135ab4ec685dc8c6bf7835429c916
                                                                                SHA256:1d1dbabc1c905c7153847c6bb5b88905942d414c4dbf39e3784dc9a62e1120db
                                                                                SHA512:f3d6360449fe4dd742b653ebb7f6e7756d8e1145c9d96564917d23a01cc0f3dc6288b551bcd7727562e20213ec7433820933dd4f3f45b5ff7e7fece0a8dc4c6b
                                                                                SSDEEP:3072:sZCIbJFbQUyeB5cq3Dey3GLtXWxQokuWaPrKrQ1xZB0YWi8y94rMtQiSrX3:sZCYGUyeB57iy3MloRrtxhjtQiSrX3
                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............m...m...m.......m.......m.......m.......m...l...m.......m.......m.......m.Rich..m.................PE..L......^...........

                                                                                File Icon

                                                                                Icon Hash:aedaae9ee6a6aaa4

                                                                                Static PE Info

                                                                                General

                                                                                Entrypoint:0x401020
                                                                                Entrypoint Section:.text
                                                                                Digitally signed:false
                                                                                Imagebase:0x400000
                                                                                Subsystem:windows gui
                                                                                Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                DLL Characteristics:TERMINAL_SERVER_AWARE, NX_COMPAT
                                                                                Time Stamp:0x5E00D3AA [Mon Dec 23 14:48:10 2019 UTC]
                                                                                TLS Callbacks:
                                                                                CLR (.Net) Version:
                                                                                OS Version Major:5
                                                                                OS Version Minor:1
                                                                                File Version Major:5
                                                                                File Version Minor:1
                                                                                Subsystem Version Major:5
                                                                                Subsystem Version Minor:1
                                                                                Import Hash:2ab857f73c9912dee0698f559b75c172

                                                                                Entrypoint Preview

                                                                                Instruction
                                                                                mov edi, edi
                                                                                push ebp
                                                                                mov ebp, esp
                                                                                call 00007FC5C0D4E54Bh
                                                                                call 00007FC5C0D4DBC6h
                                                                                pop ebp
                                                                                ret
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                int3
                                                                                mov edi, edi
                                                                                push ebp
                                                                                mov ebp, esp
                                                                                push FFFFFFFEh
                                                                                push 00432C40h
                                                                                push 004057B0h
                                                                                mov eax, dword ptr fs:[00000000h]
                                                                                push eax
                                                                                add esp, FFFFFF98h
                                                                                push ebx
                                                                                push esi
                                                                                push edi
                                                                                mov eax, dword ptr [00434064h]
                                                                                xor dword ptr [ebp-08h], eax
                                                                                xor eax, ebp
                                                                                push eax
                                                                                lea eax, dword ptr [ebp-10h]
                                                                                mov dword ptr fs:[00000000h], eax
                                                                                mov dword ptr [ebp-18h], esp
                                                                                mov dword ptr [ebp-70h], 00000000h
                                                                                lea eax, dword ptr [ebp-60h]
                                                                                push eax
                                                                                call dword ptr [0042A160h]
                                                                                cmp dword ptr [0321EF38h], 00000000h
                                                                                jne 00007FC5C0D4DBC0h
                                                                                push 00000000h
                                                                                push 00000000h
                                                                                push 00000001h
                                                                                push 00000000h
                                                                                call dword ptr [0042A15Ch]
                                                                                call 00007FC5C0D4DD43h
                                                                                mov dword ptr [ebp-6Ch], eax
                                                                                call 00007FC5C0D5227Bh
                                                                                test eax, eax
                                                                                jne 00007FC5C0D4DBBCh
                                                                                push 0000001Ch
                                                                                call 00007FC5C0D4DD00h
                                                                                add esp, 04h
                                                                                call 00007FC5C0D51BD8h
                                                                                test eax, eax
                                                                                jne 00007FC5C0D4DBBCh
                                                                                push 00000010h
                                                                                call 00007FC5C0D4DCEDh
                                                                                add esp, 04h
                                                                                push 00000001h
                                                                                call 00007FC5C0D51B23h
                                                                                add esp, 04h
                                                                                call 00007FC5C0D4F8FBh
                                                                                mov dword ptr [ebp-04h], 00000000h
                                                                                call 00007FC5C0D4F4DFh
                                                                                test eax, eax

                                                                                Rich Headers

                                                                                Programming Language:
                                                                                • [LNK] VS2010 build 30319
                                                                                • [ASM] VS2010 build 30319
                                                                                • [ C ] VS2010 build 30319
                                                                                • [C++] VS2010 build 30319
                                                                                • [RES] VS2010 build 30319
                                                                                • [IMP] VS2008 SP1 build 30729

                                                                                Data Directories

                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x332740x50.rdata
                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x2e200000x27b0.rsrc
                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x2e230000x1ae0.reloc
                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x2a2900x1c.rdata
                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x32a680x40.rdata
                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x2a0000x240.rdata
                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                Sections

                                                                                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                .text0x10000x281ab0x28200False0.58144713785data6.88203005979IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                .rdata0x2a0000x9fe80xa000False0.321801757812data4.72565628461IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                .data0x340000x2debf3c0x1c00unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                .rsrc0x2e200000x27b00x2800False0.765234375data6.4583593165IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                .reloc0x2e230000x120900x12200False0.0806438577586data1.03261740787IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                Resources

                                                                                NameRVASizeTypeLanguageCountry
                                                                                RT_ICON0x2e200f00x25a8dBase III DBT, version number 0, next free block index 40OriyaIndia
                                                                                RT_GROUP_ICON0x2e226980x14dataOriyaIndia
                                                                                RT_VERSION0x2e226b00x100dataManipuriIndia

                                                                                Imports

                                                                                DLLImport
                                                                                KERNEL32.dllWriteConsoleInputW, CopyFileExW, TlsGetValue, SetLocalTime, GetDriveTypeW, GetNumberOfConsoleInputEvents, FindResourceExW, MapUserPhysicalPages, InterlockedIncrement, GetQueuedCompletionStatus, GetCommState, InterlockedDecrement, ScrollConsoleScreenBufferW, QueryDosDeviceA, WaitForSingleObject, OpenSemaphoreA, CallNamedPipeW, GetModuleHandleW, GetPrivateProfileStringW, GetConsoleTitleA, FindActCtxSectionStringA, WriteFileGather, CreateDirectoryExW, GetVolumeInformationA, Sleep, GetSystemTimeAdjustment, GlobalFlags, Beep, SetMessageWaitingIndicator, WritePrivateProfileSectionW, IsDBCSLeadByte, ReadFile, CreateFileW, GetBinaryTypeW, GetACP, lstrlenW, VerifyVersionInfoW, CreateDirectoryA, GetStdHandle, OpenMutexW, GetCurrentDirectoryW, FindFirstFileW, GetComputerNameExW, SetVolumeLabelW, WriteProfileSectionA, ReadFileEx, SetComputerNameA, CreateMemoryResourceNotification, GetPrivateProfileStringA, SetFileApisToOEM, GetAtomNameA, Process32FirstW, OpenWaitableTimerW, LocalAlloc, IsSystemResumeAutomatic, SetConsoleOutputCP, AddAtomW, SetCurrentDirectoryW, GetCommMask, SetCommMask, GetPrivateProfileStructA, EnumResourceTypesW, SetConsoleCursorInfo, GetThreadPriority, SetConsoleTitleW, GetModuleHandleA, FreeEnvironmentStringsW, EnumResourceNamesA, BuildCommDCBA, CompareStringA, SetCalendarInfoA, GetVersionExA, GetWindowsDirectoryW, GetCurrentProcessId, InterlockedPushEntrySList, GetProfileSectionW, ResumeThread, LCMapStringW, CloseHandle, SetStdHandle, GetConsoleMode, GetConsoleCP, GetProcAddress, GetFileSize, GetCommandLineW, HeapSetInformation, GetStartupInfoW, SetUnhandledExceptionFilter, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetSystemTimeAsFileTime, DecodePointer, ExitProcess, GetModuleFileNameW, GetEnvironmentStringsW, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, HeapValidate, IsBadReadPtr, EncodePointer, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetLastError, HeapCreate, WriteFile, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, IsDebuggerPresent, RtlUnwind, GetOEMCP, GetCPInfo, IsValidCodePage, EnterCriticalSection, LeaveCriticalSection, LoadLibraryW, HeapAlloc, GetModuleFileNameA, HeapReAlloc, HeapSize, HeapQueryInformation, HeapFree, GetStringTypeW, MultiByteToWideChar, OutputDebugStringA, WriteConsoleW, OutputDebugStringW, WideCharToMultiByte, IsProcessorFeaturePresent, RaiseException, SetFilePointer, FlushFileBuffers
                                                                                USER32.dllGetCursorInfo, GetMessageTime, GetMenuBarInfo
                                                                                ADVAPI32.dllInitiateSystemShutdownA

                                                                                Version Infos

                                                                                DescriptionData
                                                                                Translations0x37a5 0x013c

                                                                                Possible Origin

                                                                                Language of compilation systemCountry where language is spokenMap
                                                                                OriyaIndia

                                                                                Network Behavior

                                                                                Network Port Distribution

                                                                                TCP Packets

                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                Jun 16, 2021 12:18:18.700192928 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:18.751959085 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:18.752062082 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:18.753031969 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:18.805150986 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:18.806452990 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:18.806902885 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:19.562402964 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:19.562658072 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:22.639333010 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:22.639816046 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:22.691668987 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:22.691694021 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:22.691781998 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:22.692193031 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:22.697524071 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:22.754889965 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:22.762758970 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:22.762794971 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:22.814676046 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:23.381575108 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:23.435425997 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:23.993565083 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:24.044845104 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:24.097034931 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:24.097100019 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:24.097119093 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:24.097157001 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:24.148834944 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:24.148874044 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:24.149008036 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:24.152005911 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:25.215761900 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:25.215965986 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:25.267777920 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:25.267808914 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:25.267873049 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:25.320050001 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:25.373076916 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:25.425077915 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:25.425184011 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:25.477209091 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:25.477360964 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:25.683806896 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:25.683904886 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:26.253900051 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:26.256299973 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:26.308178902 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:26.308270931 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:26.360141993 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:26.365590096 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:26.417972088 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:26.418009996 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:26.418129921 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:33.669842005 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:33.669969082 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:33.721764088 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:33.721816063 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:33.721992016 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:33.773736000 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:33.858211994 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:34.714751959 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:34.764482975 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:34.816693068 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:34.816730976 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:34.816806078 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:34.869000912 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:34.869107962 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:34.920892000 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:34.921015024 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:42.425961018 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:42.429559946 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:51.058224916 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:51.109724998 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:18:51.161659956 CEST44349757185.45.192.246192.168.2.4
                                                                                Jun 16, 2021 12:18:51.161906004 CEST49757443192.168.2.4185.45.192.246
                                                                                Jun 16, 2021 12:19:22.628106117 CEST49757443192.168.2.4185.45.192.246

                                                                                UDP Packets

                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                Jun 16, 2021 12:17:19.656229973 CEST6464653192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:19.706969976 CEST53646468.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:19.743155003 CEST6529853192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:19.810436010 CEST53652988.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:19.831348896 CEST5912353192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:19.898724079 CEST53591238.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:20.056612968 CEST5453153192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:20.118191004 CEST53545318.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:20.172502995 CEST4971453192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:20.222691059 CEST53497148.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:20.395942926 CEST5802853192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:20.446078062 CEST53580288.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:21.647155046 CEST5309753192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:21.707087040 CEST53530978.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:22.803925991 CEST4925753192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:22.856972933 CEST53492578.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:24.344460964 CEST6238953192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:24.356291056 CEST4991053192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:24.407058954 CEST53623898.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:24.426217079 CEST53499108.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:27.720778942 CEST5585453192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:27.779970884 CEST53558548.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:28.566200972 CEST6454953192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:28.617233038 CEST53645498.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:29.711544991 CEST6315353192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:29.762373924 CEST53631538.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:31.114398003 CEST5299153192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:31.170665026 CEST53529918.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:31.914294004 CEST5370053192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:31.970268011 CEST53537008.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:33.093816996 CEST5172653192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:33.144041061 CEST53517268.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:33.893985987 CEST5679453192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:33.947418928 CEST53567948.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:35.765221119 CEST5653453192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:35.816741943 CEST53565348.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:36.541754961 CEST5662753192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:36.592400074 CEST53566278.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:37.660267115 CEST5662153192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:37.724587917 CEST53566218.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:38.818027973 CEST6311653192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:38.868201017 CEST53631168.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:39.919960976 CEST6407853192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:39.979248047 CEST53640788.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:41.417524099 CEST6480153192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:41.473579884 CEST53648018.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:42.519942999 CEST6172153192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:42.578669071 CEST53617218.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:44.798849106 CEST5125553192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:44.848982096 CEST53512558.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:45.694266081 CEST6152253192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:45.747250080 CEST53615228.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:17:54.076277971 CEST5233753192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:17:54.143223047 CEST53523378.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:14.895262957 CEST5504653192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:14.949043989 CEST53550468.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:15.437140942 CEST4961253192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:15.641125917 CEST53496128.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:16.332027912 CEST4928553192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:16.471373081 CEST53492858.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:16.529882908 CEST5060153192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:16.605071068 CEST53506018.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:17.120949984 CEST6087553192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:17.183058023 CEST53608758.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:17.690159082 CEST5644853192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:17.751863003 CEST53564488.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:18.392752886 CEST5917253192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:18.460015059 CEST53591728.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:18.631515026 CEST6242053192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:18.697432995 CEST53624208.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:19.038244009 CEST6057953192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:19.097935915 CEST53605798.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:19.798082113 CEST5018353192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:19.857009888 CEST53501838.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:20.976922035 CEST6153153192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:21.041924000 CEST53615318.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:21.965338945 CEST4922853192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:22.025727987 CEST53492288.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:22.585755110 CEST5979453192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:22.644242048 CEST53597948.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:18:32.161355972 CEST5591653192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:18:32.222836018 CEST53559168.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:19:06.238332033 CEST5275253192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:19:06.305054903 CEST53527528.8.8.8192.168.2.4
                                                                                Jun 16, 2021 12:19:12.065867901 CEST6054253192.168.2.48.8.8.8
                                                                                Jun 16, 2021 12:19:12.141135931 CEST53605428.8.8.8192.168.2.4

                                                                                DNS Queries

                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                Jun 16, 2021 12:18:18.631515026 CEST192.168.2.48.8.8.80xb72Standard query (0)hewilldoit.xyzA (IP address)IN (0x0001)

                                                                                DNS Answers

                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                Jun 16, 2021 12:18:18.697432995 CEST8.8.8.8192.168.2.40xb72No error (0)hewilldoit.xyz185.45.192.246A (IP address)IN (0x0001)

                                                                                Code Manipulations

                                                                                Statistics

                                                                                CPU Usage

                                                                                Click to jump to process

                                                                                Memory Usage

                                                                                Click to jump to process

                                                                                High Level Behavior Distribution

                                                                                Click to dive into process behavior distribution

                                                                                Behavior

                                                                                Click to jump to process

                                                                                System Behavior

                                                                                Analysis Process: xax2K3BWhm.exe PID: 6992 Parent PID: 6044

                                                                                General

                                                                                Start time:12:17:26
                                                                                Start date:16/06/2021
                                                                                Path:C:\Users\user\Desktop\xax2K3BWhm.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:'C:\Users\user\Desktop\xax2K3BWhm.exe'
                                                                                Imagebase:0x400000
                                                                                File size:297984 bytes
                                                                                MD5 hash:E3686E4E0ED04A1FD38BB5060CB2441E
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:low

                                                                                Chronological Activities

                                                                                Analysis Process: xax2K3BWhm.exe PID: 6136 Parent PID: 6992

                                                                                General

                                                                                Start time:12:17:34
                                                                                Start date:16/06/2021
                                                                                Path:C:\Users\user\Desktop\xax2K3BWhm.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:'C:\Users\user\Desktop\xax2K3BWhm.exe'
                                                                                Imagebase:0x400000
                                                                                File size:297984 bytes
                                                                                MD5 hash:E3686E4E0ED04A1FD38BB5060CB2441E
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.715843467.0000000000580000.00000004.00000001.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.715911224.0000000001F61000.00000004.00000001.sdmp, Author: Joe Security
                                                                                Reputation:low

                                                                                Chronological Activities

                                                                                Analysis Process: explorer.exe PID: 3424 Parent PID: 6136

                                                                                General

                                                                                Start time:12:17:41
                                                                                Start date:16/06/2021
                                                                                Path:C:\Windows\explorer.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\Explorer.EXE
                                                                                Imagebase:0x7ff6fee60000
                                                                                File size:3933184 bytes
                                                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high

                                                                                Chronological Activities

                                                                                Analysis Process: ahafdus PID: 6224 Parent PID: 968

                                                                                General

                                                                                Start time:12:18:19
                                                                                Start date:16/06/2021
                                                                                Path:C:\Users\user\AppData\Roaming\ahafdus
                                                                                Wow64 process (32bit):true
                                                                                Commandline:C:\Users\user\AppData\Roaming\ahafdus
                                                                                Imagebase:0x400000
                                                                                File size:297984 bytes
                                                                                MD5 hash:E3686E4E0ED04A1FD38BB5060CB2441E
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Antivirus matches:
                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                • Detection: 45%, ReversingLabs
                                                                                Reputation:low

                                                                                Chronological Activities

                                                                                Analysis Process: ahafdus PID: 4832 Parent PID: 6224

                                                                                General

                                                                                Start time:12:18:27
                                                                                Start date:16/06/2021
                                                                                Path:C:\Users\user\AppData\Roaming\ahafdus
                                                                                Wow64 process (32bit):true
                                                                                Commandline:C:\Users\user\AppData\Roaming\ahafdus
                                                                                Imagebase:0x400000
                                                                                File size:297984 bytes
                                                                                MD5 hash:E3686E4E0ED04A1FD38BB5060CB2441E
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000E.00000002.788412687.00000000004A0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000E.00000002.788476185.0000000000521000.00000004.00000001.sdmp, Author: Joe Security
                                                                                Reputation:low

                                                                                Chronological Activities

                                                                                Disassembly

                                                                                Code Analysis

                                                                                Reset < >

                                                                                  Analysis Process: xax2K3BWhm.exe PID: 6992 Parent PID: 6044 xax2K3BWhm.exeCOMMON

                                                                                  Executed Functions

                                                                                  Function 03390110, Relevance: 22.7, APIs: 15, Instructions: 248memorynativethreadCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • VirtualAlloc.KERNELBASE(00000000,00002800,00001000,00000004), ref: 03390156
                                                                                  • GetModuleFileNameA.KERNELBASE(00000000,?,00002800), ref: 0339016C
                                                                                  • CreateProcessA.KERNELBASE(?,00000000), ref: 03390255
                                                                                  • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 03390270
                                                                                  • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 03390283
                                                                                  • GetThreadContext.KERNELBASE(00000000,?), ref: 0339029F
                                                                                  • ReadProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 033902C8
                                                                                  • NtUnmapViewOfSection.NTDLL(00000000,?), ref: 033902E3
                                                                                  • VirtualAllocEx.KERNELBASE(00000000,?,?,00003000,00000040), ref: 03390304
                                                                                  • NtWriteVirtualMemory.NTDLL(00000000,?,?,00000000,00000000), ref: 0339032A
                                                                                  • NtWriteVirtualMemory.NTDLL(00000000,00000000,?,00000002,00000000), ref: 03390399
                                                                                  • WriteProcessMemory.KERNELBASE(00000000,?,?,00000004,00000000), ref: 033903BF
                                                                                  • SetThreadContext.KERNELBASE(00000000,?), ref: 033903E1
                                                                                  • ResumeThread.KERNELBASE(00000000), ref: 033903ED
                                                                                  • ExitProcess.KERNEL32(00000000), ref: 03390412
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.657449917.0000000003390000.00000040.00000001.sdmp, Offset: 03390000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: Virtual$MemoryProcess$AllocThreadWrite$Context$CreateExitFileFreeModuleNameReadResumeSectionUnmapView
                                                                                  • String ID:
                                                                                  • API String ID: 2875986403-0
                                                                                  • Opcode ID: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                  • Instruction ID: 0ad89981a590bea4cafd26eb41eb6532c1bdbdddd8a660a7f5c42096bb6fac0f
                                                                                  • Opcode Fuzzy Hash: ec80134effe49fee59cfb16798ca45a1398515b3278bf894a8b0bf22fdce02bc
                                                                                  • Instruction Fuzzy Hash: 3CB1B574A00208EFDB44CF98C895F9EBBB5BF88314F248158E949AB391D771AE41CF94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 03390420, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 113COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • CreateWindowExA.USER32(00000200,saodkfnosa9uin,mfoaskdfnoa,00CF0000,80000000,80000000,000003E8,000003E8,00000000,00000000,00000000,00000000), ref: 03390533
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.657449917.0000000003390000.00000040.00000001.sdmp, Offset: 03390000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: CreateWindow
                                                                                  • String ID: 0$d$mfoaskdfnoa$saodkfnosa9uin
                                                                                  • API String ID: 716092398-2341455598
                                                                                  • Opcode ID: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                  • Instruction ID: ec97e579c32438e43cf9cfa28225a5ee86a0a8d893664f9d12fe3d2d079ae7e8
                                                                                  • Opcode Fuzzy Hash: bb9b397fb3b679a7694c33bc0dbf232ca5c2d59a4e09fc52e4db1d59d2773c33
                                                                                  • Instruction Fuzzy Hash: EF510770D08388DAFF15CBA8C849BEDBFB6AF11708F144099D5447F286C3BA5658CB66
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 033905B0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 35COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • GetFileAttributesA.KERNELBASE(apfHQ), ref: 033905EC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.657449917.0000000003390000.00000040.00000001.sdmp, Offset: 03390000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID: apfHQ$o
                                                                                  • API String ID: 3188754299-2999369273
                                                                                  • Opcode ID: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                  • Instruction ID: 8e4a54065b6bda2f1f1b2395218cce578188ad7790f070a3fcd40d5953ce3104
                                                                                  • Opcode Fuzzy Hash: af0d3c0451304eea9a95bfbcf33a37b8699cda851cd8c30db079f59d0d7bd2d6
                                                                                  • Instruction Fuzzy Hash: 7F012170C0424CEEEF14DB98C5583AEBFB5AF41308F1880DDC4592B241D7769B98CBA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00405070, Relevance: 1.5, APIs: 1, Instructions: 7COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlEncodePointer.NTDLL(00000000,?,00401FDB,?,?,004051E0), ref: 00405077
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.656664630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.656632111.0000000000400000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000000.00000002.656720516.000000000042A000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000000.00000002.656773536.0000000000434000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000000.00000002.657049687.0000000003220000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: EncodePointer
                                                                                  • String ID:
                                                                                  • API String ID: 2118026453-0
                                                                                  • Opcode ID: e8c59c7f186ead1354c89da7bed2a929a77afc98557f3655b0735f83858ab6a8
                                                                                  • Instruction ID: ce2cf03da6668df278146e09aaa6d0018dafec69fb0e5179062e378a285df10b
                                                                                  • Opcode Fuzzy Hash: e8c59c7f186ead1354c89da7bed2a929a77afc98557f3655b0735f83858ab6a8
                                                                                  • Instruction Fuzzy Hash: C7A0123114420867D61012826809B113A0CD3C4631F840010F50C0104109515421C056
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00401020, Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			_entry_() {
				void* _t3;

				E004019C0(); // executed
				return L00401040(_t3);
			}




                                                                                  0x00401025
                                                                                  0x00401030

                                                                                  APIs
                                                                                  • ___security_init_cookie.LIBCMTD ref: 00401025
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.656664630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.656632111.0000000000400000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000000.00000002.656720516.000000000042A000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000000.00000002.656773536.0000000000434000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000000.00000002.657049687.0000000003220000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ___security_init_cookie
                                                                                  • String ID:
                                                                                  • API String ID: 3657697845-0
                                                                                  • Opcode ID: d3dc5c4b41ae61946b84d93af9f66b0a8548463c834c62d9f40a2af410833d7d
                                                                                  • Instruction ID: 65fcf6498c3837d3989d9bbcbb1c5a340fd6e4012f46befd72195a850078bf57
                                                                                  • Opcode Fuzzy Hash: d3dc5c4b41ae61946b84d93af9f66b0a8548463c834c62d9f40a2af410833d7d
                                                                                  • Instruction Fuzzy Hash: CAA002D5014AC857815033A70457B8A758D48C0798B99003A7698325A71C7CA94180AE
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Non-executed Functions

                                                                                  Function 00406C70, Relevance: 7.6, APIs: 5, Instructions: 59COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 85%
                                                                                  			E00406C70(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				long _t15;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr* _t29;
				void* _t34;

				_t25 = __esi;
				_t24 = __edi;
				_t22 = __edx;
				_t20 = __ecx;
				_t19 = __ebx;
				_t6 = __eax;
				_t34 = _t20 -  *0x434064; // 0x41b17641
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x436490 = _t6;
				 *0x43648c = _t20;
				 *0x436488 = _t22;
				 *0x436484 = _t19;
				 *0x436480 = _t25;
				 *0x43647c = _t24;
				 *0x4364a8 = ss;
				 *0x43649c = cs;
				 *0x436478 = ds;
				 *0x436474 = es;
				 *0x436470 = fs;
				 *0x43646c = gs;
				asm("pushfd");
				_pop( *0x4364a0);
				 *0x436494 =  *_t29;
				 *0x436498 = _v0;
				 *0x4364a4 =  &_a4;
				 *0x4363e0 = 0x10001;
				_t11 =  *0x436498; // 0x0
				 *0x436394 = _t11;
				 *0x436388 = 0xc0000409;
				 *0x43638c = 1;
				_t21 =  *0x434064; // 0x41b17641
				_v812 = _t21;
				_t23 =  *0x434068; // 0xbe4e89be
				_v808 = _t23;
				 *0x4363d8 = IsDebuggerPresent();
				_push(1);
				E00409AA0(_t12);
				SetUnhandledExceptionFilter(0);
				_t15 = UnhandledExceptionFilter(0x42ed44);
				if( *0x4363d8 == 0) {
					_push(1);
					E00409AA0(_t15);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}



















                                                                                  0x00406c70
                                                                                  0x00406c70
                                                                                  0x00406c70
                                                                                  0x00406c70
                                                                                  0x00406c70
                                                                                  0x00406c70
                                                                                  0x00406c70
                                                                                  0x00406c76
                                                                                  0x00406c78
                                                                                  0x00406c78
                                                                                  0x0040e68b
                                                                                  0x0040e690
                                                                                  0x0040e696
                                                                                  0x0040e69c
                                                                                  0x0040e6a2
                                                                                  0x0040e6a8
                                                                                  0x0040e6ae
                                                                                  0x0040e6b5
                                                                                  0x0040e6bc
                                                                                  0x0040e6c3
                                                                                  0x0040e6ca
                                                                                  0x0040e6d1
                                                                                  0x0040e6d8
                                                                                  0x0040e6d9
                                                                                  0x0040e6e2
                                                                                  0x0040e6ea
                                                                                  0x0040e6f2
                                                                                  0x0040e6fd
                                                                                  0x0040e707
                                                                                  0x0040e70c
                                                                                  0x0040e711
                                                                                  0x0040e71b
                                                                                  0x0040e725
                                                                                  0x0040e72b
                                                                                  0x0040e731
                                                                                  0x0040e737
                                                                                  0x0040e743
                                                                                  0x0040e748
                                                                                  0x0040e74a
                                                                                  0x0040e754
                                                                                  0x0040e75f
                                                                                  0x0040e76c
                                                                                  0x0040e76e
                                                                                  0x0040e770
                                                                                  0x0040e775
                                                                                  0x0040e78d

                                                                                  APIs
                                                                                  • IsDebuggerPresent.KERNEL32 ref: 0040E73D
                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040E754
                                                                                  • UnhandledExceptionFilter.KERNEL32(0042ED44), ref: 0040E75F
                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 0040E77D
                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 0040E784
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.656664630.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.656632111.0000000000400000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000000.00000002.656720516.000000000042A000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000000.00000002.656773536.0000000000434000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000000.00000002.657049687.0000000003220000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 2579439406-0
                                                                                  • Opcode ID: 889f0cb92b701deaebf738efb1c4fa48df866a2a0879cc815450c03b377ce601
                                                                                  • Instruction ID: d2873b0b63ff58c10382ecb40d48594bcac17d234640a41cbdb98bc43e736f3f
                                                                                  • Opcode Fuzzy Hash: 889f0cb92b701deaebf738efb1c4fa48df866a2a0879cc815450c03b377ce601
                                                                                  • Instruction Fuzzy Hash: 762122B4900302AFE700CF25FD856543BB4FB68724F42A03AE909933A1E3766895CF5E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 03390042, Relevance: .1, Instructions: 61COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.657449917.0000000003390000.00000040.00000001.sdmp, Offset: 03390000, based on PE: false
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                  • Instruction ID: 3df90996424fc366fa41e5fee3d87864b0c062e8157d9a3c253725c4db076de2
                                                                                  • Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
                                                                                  • Instruction Fuzzy Hash: A3118272340100DFEB58DF65DCD1FA673EAEB88220B1A8156ED08CB311D67AE841C760
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Analysis Process: xax2K3BWhm.exe PID: 6136 Parent PID: 6992 xax2K3BWhm.exeCOMMON

                                                                                  Executed Functions

                                                                                  Function 004017CF, Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.715207835.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b73f49d69ce8a83511e0385fdca7b9e6308d661dd6d68c6a301460ca41beaec2
                                                                                  • Instruction ID: cbbf32c5e2e10350ea02e432cad34c2c1c90d590ab6938e2c4876749d7290e64
                                                                                  • Opcode Fuzzy Hash: b73f49d69ce8a83511e0385fdca7b9e6308d661dd6d68c6a301460ca41beaec2
                                                                                  • Instruction Fuzzy Hash: E611C233208204AAD7017AA59C41EE93755AB44364F24C937F653B90E2D67ECB12A36B
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004017F6, Relevance: 3.1, APIs: 2, Instructions: 51sleepnativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 16%
                                                                                  			E004017F6(void* __eflags, void* __fp0, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t8;
				void* _t11;
				intOrPtr _t13;
				void* _t16;
				intOrPtr* _t17;
				void* _t20;
				void* _t21;
				void* _t22;
				intOrPtr* _t23;

				_t27 = __fp0;
				_t25 = __eflags;
				_t8 = 0x182a;
				L00401123(_t8, _t16, _t21, _t22, __eflags, __fp0);
				_t17 = _a4;
				Sleep(0x1388);
				_t11 = L0040135B(_t20, _t25, _t17, _a8, _a12,  &_v8); // executed
				_t26 = _t11;
				if(_t11 != 0) {
					_push(_a16);
					_push(_v8);
					_push(_t11);
					_push(_t17); // executed
					E00401434(_t20, __fp0); // executed
				}
				 *_t17(0xffffffff, 0); // executed
				_push(0x182a);
				_t13 =  *_t23;
				return L00401123(_t13, _t17, _t21, _t22, _t26, _t27);
			}

















                                                                                  0x004017f6
                                                                                  0x004017f6
                                                                                  0x0040180c
                                                                                  0x00401825
                                                                                  0x0040182a
                                                                                  0x00401832
                                                                                  0x00401840
                                                                                  0x00401845
                                                                                  0x00401847
                                                                                  0x00401849
                                                                                  0x0040184c
                                                                                  0x0040184f
                                                                                  0x00401850
                                                                                  0x00401851
                                                                                  0x00401851
                                                                                  0x0040185a
                                                                                  0x00401861
                                                                                  0x00401866
                                                                                  0x0040188e

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001388), ref: 00401832
                                                                                  • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040185A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.715207835.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ProcessSleepTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 417527130-0
                                                                                  • Opcode ID: 6a7cf19de6761fce0083085474fd9223dd0ae502fe144c85d3bedb33ae351366
                                                                                  • Instruction ID: f44c0c678efd7cc1f0db04d016b1e08d4b92527be734d4edd411b9c4bc48f7d8
                                                                                  • Opcode Fuzzy Hash: 6a7cf19de6761fce0083085474fd9223dd0ae502fe144c85d3bedb33ae351366
                                                                                  • Instruction Fuzzy Hash: 57018F33608208E6EB017A919C41EAA362DAB44354F20C437FA13790F1D63DDB22636F
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040180F, Relevance: 3.0, APIs: 2, Instructions: 46sleepnativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 15%
                                                                                  			E0040180F(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t8;
				void* _t11;
				intOrPtr _t13;
				intOrPtr* _t17;
				void* _t21;
				void* _t25;
				void* _t27;
				intOrPtr* _t29;

				_t34 = __fp0;
				_t32 = __eflags;
				_t22 = __edi;
				_t25 = __esi + 1;
				asm("insb");
				_t8 = 0x182a;
				L00401123(_t8, __ebx, __edi, _t25, __eflags, __fp0);
				_t17 =  *((intOrPtr*)(_t27 + 8));
				Sleep(0x1388);
				_t11 = L0040135B(_t21, _t32, _t17,  *((intOrPtr*)(_t27 + 0xc)),  *((intOrPtr*)(_t27 + 0x10)), _t27 - 4); // executed
				_t33 = _t11;
				if(_t11 != 0) {
					_push( *((intOrPtr*)(_t27 + 0x14)));
					_push( *((intOrPtr*)(_t27 - 4)));
					_push(_t11);
					_push(_t17); // executed
					E00401434(_t21, __fp0); // executed
				}
				 *_t17(0xffffffff, 0); // executed
				_push(0x182a);
				_t13 =  *_t29;
				return L00401123(_t13, _t17, _t22, _t25, _t33, _t34);
			}











                                                                                  0x0040180f
                                                                                  0x0040180f
                                                                                  0x0040180f
                                                                                  0x0040180f
                                                                                  0x00401810
                                                                                  0x0040180c
                                                                                  0x00401825
                                                                                  0x0040182a
                                                                                  0x00401832
                                                                                  0x00401840
                                                                                  0x00401845
                                                                                  0x00401847
                                                                                  0x00401849
                                                                                  0x0040184c
                                                                                  0x0040184f
                                                                                  0x00401850
                                                                                  0x00401851
                                                                                  0x00401851
                                                                                  0x0040185a
                                                                                  0x00401861
                                                                                  0x00401866
                                                                                  0x0040188e

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001388), ref: 00401832
                                                                                  • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040185A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.715207835.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ProcessSleepTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 417527130-0
                                                                                  • Opcode ID: b15120a212d8611f77249b5fd85c79ee98f4ca06b2b3712986372b675c672e64
                                                                                  • Instruction ID: 48acae04af8da51ef02e9849ebfc680ab818ef24d21f43ef1aab5928ff4008e5
                                                                                  • Opcode Fuzzy Hash: b15120a212d8611f77249b5fd85c79ee98f4ca06b2b3712986372b675c672e64
                                                                                  • Instruction Fuzzy Hash: F7F06D33608204E6DB057A919C41EAA3629EB44354F20D437FA13790F1D63DCB22676B
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00401801, Relevance: 3.0, APIs: 2, Instructions: 45sleepnativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 15%
                                                                                  			E00401801(void* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi, void* __fp0) {
				void* _t9;
				void* _t12;
				intOrPtr _t14;
				intOrPtr* _t18;
				void* _t24;
				void* _t29;
				intOrPtr* _t31;
				void* _t34;

				_t36 = __fp0;
				_t27 = __esi;
				_t25 = __edi;
				_t34 = __eax - 0x41;
				asm("rol byte [ecx+0x49], 0xde");
				_t9 = 0x182a;
				L00401123(_t9, __ebx, __edi, __esi, _t34, __fp0);
				_t18 =  *((intOrPtr*)(_t29 + 8));
				Sleep(0x1388);
				_t12 = L0040135B(_t24, _t34, _t18,  *((intOrPtr*)(_t29 + 0xc)),  *((intOrPtr*)(_t29 + 0x10)), _t29 - 4); // executed
				_t35 = _t12;
				if(_t12 != 0) {
					_push( *((intOrPtr*)(_t29 + 0x14)));
					_push( *((intOrPtr*)(_t29 - 4)));
					_push(_t12);
					_push(_t18); // executed
					E00401434(_t24, __fp0); // executed
				}
				 *_t18(0xffffffff, 0); // executed
				_push(0x182a);
				_t14 =  *_t31;
				return L00401123(_t14, _t18, _t25, _t27, _t35, _t36);
			}











                                                                                  0x00401801
                                                                                  0x00401801
                                                                                  0x00401801
                                                                                  0x00401801
                                                                                  0x00401803
                                                                                  0x0040180c
                                                                                  0x00401825
                                                                                  0x0040182a
                                                                                  0x00401832
                                                                                  0x00401840
                                                                                  0x00401845
                                                                                  0x00401847
                                                                                  0x00401849
                                                                                  0x0040184c
                                                                                  0x0040184f
                                                                                  0x00401850
                                                                                  0x00401851
                                                                                  0x00401851
                                                                                  0x0040185a
                                                                                  0x00401861
                                                                                  0x00401866
                                                                                  0x0040188e

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001388), ref: 00401832
                                                                                  • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040185A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.715207835.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ProcessSleepTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 417527130-0
                                                                                  • Opcode ID: 0b4fff528f7343fdf6ce3e90feea1017d92b5691bb2728036937f774f84db527
                                                                                  • Instruction ID: 119cae1355dad8a7e2970d485ac4cea4613771891b78224641446a0799fa45cc
                                                                                  • Opcode Fuzzy Hash: 0b4fff528f7343fdf6ce3e90feea1017d92b5691bb2728036937f774f84db527
                                                                                  • Instruction Fuzzy Hash: E401D133608204E6EB017A959C41EA9332AAB44354F20C437FA13B90F1D63DCB23636F
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00401813, Relevance: 3.0, APIs: 2, Instructions: 40sleepnativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 19%
                                                                                  			E00401813(void* __eax, void* __ebx, void* __edi, void* __esi, void* __fp0) {
				void* _t12;
				intOrPtr _t14;
				intOrPtr* _t18;
				void* _t22;
				void* _t27;
				intOrPtr* _t29;
				void* _t32;

				_t34 = __fp0;
				_t25 = __esi;
				_t23 = __edi;
				_t9 = __eax + 0xeb530ceb;
				_t32 = __eax + 0xeb530ceb;
				L00401123(_t9, __ebx, __edi, __esi, _t32, __fp0);
				_t18 =  *((intOrPtr*)(_t27 + 8));
				Sleep(0x1388);
				_t12 = L0040135B(_t22, _t32, _t18,  *((intOrPtr*)(_t27 + 0xc)),  *((intOrPtr*)(_t27 + 0x10)), _t27 - 4); // executed
				_t33 = _t12;
				if(_t12 != 0) {
					_push( *((intOrPtr*)(_t27 + 0x14)));
					_push( *((intOrPtr*)(_t27 - 4)));
					_push(_t12);
					_push(_t18); // executed
					E00401434(_t22, __fp0); // executed
				}
				 *_t18(0xffffffff, 0); // executed
				_push(0x182a);
				_t14 =  *_t29;
				return L00401123(_t14, _t18, _t23, _t25, _t33, _t34);
			}










                                                                                  0x00401813
                                                                                  0x00401813
                                                                                  0x00401813
                                                                                  0x00401813
                                                                                  0x00401813
                                                                                  0x00401825
                                                                                  0x0040182a
                                                                                  0x00401832
                                                                                  0x00401840
                                                                                  0x00401845
                                                                                  0x00401847
                                                                                  0x00401849
                                                                                  0x0040184c
                                                                                  0x0040184f
                                                                                  0x00401850
                                                                                  0x00401851
                                                                                  0x00401851
                                                                                  0x0040185a
                                                                                  0x00401861
                                                                                  0x00401866
                                                                                  0x0040188e

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001388), ref: 00401832
                                                                                  • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040185A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.715207835.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ProcessSleepTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 417527130-0
                                                                                  • Opcode ID: 63528e0b3e8530a06502082b2d99fd6855e4d61733b598eccadb50dbd4e00aa0
                                                                                  • Instruction ID: c56155a672da13c71d9fce5e41de725e450be6a981e5abff0929b3f9d7449b23
                                                                                  • Opcode Fuzzy Hash: 63528e0b3e8530a06502082b2d99fd6855e4d61733b598eccadb50dbd4e00aa0
                                                                                  • Instruction Fuzzy Hash: E5F04F33648208EBDB047A959C41EAA3329AB44354F248437FA12791E1C63DCB22A76B
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00401820, Relevance: 3.0, APIs: 2, Instructions: 40sleepnativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001388), ref: 00401832
                                                                                  • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040185A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.715207835.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ProcessSleepTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 417527130-0
                                                                                  • Opcode ID: 0b233a373609587fd224fb939b9a75234c43ffa1b5ed46427ab1088abd2792a2
                                                                                  • Instruction ID: e8af3458e311d1aad7381624eb2d4812aedbb4c11a195dc2f5e0b7f7a2a653d5
                                                                                  • Opcode Fuzzy Hash: 0b233a373609587fd224fb939b9a75234c43ffa1b5ed46427ab1088abd2792a2
                                                                                  • Instruction Fuzzy Hash: 62F06233604104EBDB017F919C41EAE3629EB44354F248437FB12791E2C63DCB22675B
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D84967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6D891C65,000000FF,00000007,?,00000004,00000000,?,?,?,6D891951,00000065,00000000,?,6D890C5E,?,00000000), ref: 6D849694
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: f33a61b368a1e000bc860100b8e3448b0896fa99e68c1bce5a353acef9cd092d
                                                                                  • Instruction ID: 3191c570f4b37897dbfe55975fe7a6de661e0a7cee0f79100fd6d1ad4976113e
                                                                                  • Opcode Fuzzy Hash: f33a61b368a1e000bc860100b8e3448b0896fa99e68c1bce5a353acef9cd092d
                                                                                  • Instruction Fuzzy Hash: 2BB02BB18020C5C6D201E360070C7173D0077C0300F13C425E1020700E0338C0D0F1B2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D849780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6D891A79,?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?,?,00000004), ref: 6D84978A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: d423908dc9b1637e01209c03b8b03014b6133ba44c6aea393d12a6ea1c801ad8
                                                                                  • Instruction ID: d3ddd7bd7555294e9ffe7becf972be756d207792c145b58bf6ea3d1df8ac2292
                                                                                  • Opcode Fuzzy Hash: d423908dc9b1637e01209c03b8b03014b6133ba44c6aea393d12a6ea1c801ad8
                                                                                  • Instruction Fuzzy Hash: 4D9002A921300013D1C17159540C60A040597D1242FD1D825A4005A28CC9558CBD6362
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D849600, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6D80ED52,?,?,?,?,00020019,00000018,?,?,?,?,\Registry\Machine\Software\Policies\Microsoft\MUI\Settings,00000000), ref: 6D84960A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: c2f4679f951fb0c70ad4faa6c056ac25d2bf5dd976f001064a9d7139982b9aef
                                                                                  • Instruction ID: 3c4ed409376ef7b98f435f17ca35d42aeb3635b14dedee922292bf901111b367
                                                                                  • Opcode Fuzzy Hash: c2f4679f951fb0c70ad4faa6c056ac25d2bf5dd976f001064a9d7139982b9aef
                                                                                  • Instruction Fuzzy Hash: 0B9002B120100453D14162594408B4A4505A7E0341F91C425A4404B24D85958CB57162
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D849660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6D8918BF,000000FF,00000000,00000000,0000000C,00001000,00000004,6D8E0810,0000001C,6D891616), ref: 6D84966A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: ba191c262a773ca55b6bd6f0e4e1038e9582c5e106829af9a090e1c14b802b1c
                                                                                  • Instruction ID: 07075de7089475ddb0284d1e6bfbfb59394efb1e271f8fecb731cf4c6c7e8d34
                                                                                  • Opcode Fuzzy Hash: ba191c262a773ca55b6bd6f0e4e1038e9582c5e106829af9a090e1c14b802b1c
                                                                                  • Instruction Fuzzy Hash: 009002B120100813D1C17159440864A040597D1341FD1C425A4015B24DCA558EAD77E2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8499A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6D891A59,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6D8499AA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: fa5f417c2a608ca377ac954041b08ec9d1ed3782107c6c458f387074733a6511
                                                                                  • Instruction ID: b70beed176b898d726ec9108d07aa31069694078d940839969aef6d0989b680c
                                                                                  • Opcode Fuzzy Hash: fa5f417c2a608ca377ac954041b08ec9d1ed3782107c6c458f387074733a6511
                                                                                  • Instruction Fuzzy Hash: C29002E134100453D14161594418B060405D7E1341F91C425E5054A24D8659CCA67167
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8498C0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6D89108E,000000FF,000000FF,000000FF,?,001FFFFF,00000002,00000000,6D8E07D0,00000058,6D890C91,?,00000000,?,00000000), ref: 6D8498CA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: ba3ecc0543efd7ac8f53fa4530dfc6adc59d7ae180d4536e5c4396e2b7683f7d
                                                                                  • Instruction ID: de1768036164d39aab1174fffd024c2dc025e1c9e7fc1e46ab5524c0317c6987
                                                                                  • Opcode Fuzzy Hash: ba3ecc0543efd7ac8f53fa4530dfc6adc59d7ae180d4536e5c4396e2b7683f7d
                                                                                  • Instruction Fuzzy Hash: B89002A120100493E14261594408F06140997E0281FD1C426A5019A34D8655CDA6B266
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D849820, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6D862EA4,?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\,?,?,00000002,?), ref: 6D84982A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 10e3f06b54d91d873d781f745b891a874a0f4b9c4f2e28c67d307fe6e34fb25e
                                                                                  • Instruction ID: 9923acd3ad70b5707cfd6623035d1c639dfd54134bb7a3363aa157fecafd5397
                                                                                  • Opcode Fuzzy Hash: 10e3f06b54d91d873d781f745b891a874a0f4b9c4f2e28c67d307fe6e34fb25e
                                                                                  • Instruction Fuzzy Hash: 869002B124100413D182715944086060409A7D0281FD1C422A4414A24E86958EAABAA2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D849860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6D8915BB,00000073,?,00000008,00000000,?,00000568), ref: 6D84986A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: aa9a3c6adf75f54e5ed566640f8b764c11da047462fb525ce0a3b5758b7b62b9
                                                                                  • Instruction ID: b2e6f09f1f8b392cffe9b436f4de3362fe44e33b9ae4082b69e0449c6733dd8d
                                                                                  • Opcode Fuzzy Hash: aa9a3c6adf75f54e5ed566640f8b764c11da047462fb525ce0a3b5758b7b62b9
                                                                                  • Instruction Fuzzy Hash: 1C9002B120100423D15261594508707040997D0281FD1C822A4414A28D96968DA6B162
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004024A8, Relevance: 1.8, APIs: 1, Instructions: 279COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000001.656421026.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2e9e035efd2ca0915afdb3a6116c0988bfe73a535c34e1049f975523ea59d4de
                                                                                  • Instruction ID: be72390676253b5441c3ca06b9ba7b94e12ea35c9df958fb540d60e31bfc61d9
                                                                                  • Opcode Fuzzy Hash: 2e9e035efd2ca0915afdb3a6116c0988bfe73a535c34e1049f975523ea59d4de
                                                                                  • Instruction Fuzzy Hash: 42610E362141109FCB1599348D5ABE93720AF92B51F38267FE681BBDC1C2BE8407875E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040267B, Relevance: 1.6, APIs: 1, Instructions: 50libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 75%
                                                                                  			E0040267B(void* __eflags, void* _a4, void* _a8) {
				void* _v8;
				void* _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t9;
				void* _t16;
				void* _t20;
				void* _t22;
				void* _t27;
				void* _t29;

				_t27 = __eflags;
				while(1) {
					_t9 = 0x26ab;
					_push(0x56);
					L00401123(_t9, _t16, _t20, _t22, _t27, _t29);
				}
			}















                                                                                  0x0040267b
                                                                                  0x00402694
                                                                                  0x0040268f
                                                                                  0x0040269c
                                                                                  0x004026a6
                                                                                  0x004026a6

                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004026C1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000001.656421026.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: c4ce89ce1dea90dd620e1f4901f7ac9758e81610a39e9d801fee484166875d3a
                                                                                  • Instruction ID: fbc6ab3d1527d8b9447920e47d686453090aad099745523244cc6b340fa9f4d2
                                                                                  • Opcode Fuzzy Hash: c4ce89ce1dea90dd620e1f4901f7ac9758e81610a39e9d801fee484166875d3a
                                                                                  • Instruction Fuzzy Hash: CA017C31608104E7DA00AA809E4DB6E7728AB54744F204837E6067A1C0CAFF5A17ABAF
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004026A2, Relevance: 1.5, APIs: 1, Instructions: 47libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 82%
                                                                                  			E004026A2(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				void* _t9;
				void* _t23;
				void* _t26;
				void* _t35;
				void* _t37;

				_t26 = __esi;
				_t23 = __edi;
				_t16 = __ebx;
				_t35 = __ecx - __ebx;
				while(1) {
					_push(0x56);
					L00401123(_t9, _t16, _t23, _t26, _t35, _t37);
				}
			}








                                                                                  0x004026a2
                                                                                  0x004026a2
                                                                                  0x004026a2
                                                                                  0x004026a2
                                                                                  0x004026a3
                                                                                  0x0040269c
                                                                                  0x004026a6
                                                                                  0x004026a6

                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004026C1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000001.656421026.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: de90ccf865d1f4613dcd057b4d4ab55668c1ec09bc80e6fb3b301a476129328a
                                                                                  • Instruction ID: 7c0d1afcd9b3ff41f624c443e51164d77a4d4e577c27534a4d2a55a74a53b1e2
                                                                                  • Opcode Fuzzy Hash: de90ccf865d1f4613dcd057b4d4ab55668c1ec09bc80e6fb3b301a476129328a
                                                                                  • Instruction Fuzzy Hash: BF018B31608105EBDB409A40DB4DBAE7724AB54704F244873E6067E2C0C6FF9A27BB9F
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Non-executed Functions

                                                                                  Function 6D8BB260, Relevance: 91.3, APIs: 22, Strings: 30, Instructions: 262COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrintEx.BCCB(00000065,00000000, *** Unhandled exception 0x%08lx, hit in %ws:%s,?,<unknown>,?,6D8E0DD8,00000018,6D8BB5A3,?,6D7E48A4,?,?,6D84B74A,6D7E1650,6D84B627), ref: 6D8BB2E6
                                                                                  • DbgPrintEx.BCCB(00000065,00000000, *** A stack buffer overrun occurred in %ws:%s,<unknown>,?,6D8E0DD8,00000018,6D8BB5A3,?,6D7E48A4,?,?,6D84B74A,6D7E1650,6D84B627,6D84B627), ref: 6D8BB2FD
                                                                                  • DbgPrintEx.BCCB(00000065,00000000,This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.), ref: 6D8BB30C
                                                                                  • DbgPrintEx.BCCB(00000065,00000000,If this bug ends up in the shipping product, it could be a severe security hole.), ref: 6D8BB31B
                                                                                  • DbgPrintEx.BCCB(00000065,00000000,a NULL pointer), ref: 6D8BB4E7
                                                                                  • DbgPrintEx.BCCB(00000065,00000000, *** enter .exr %p for the exception record,?), ref: 6D8BB4F8
                                                                                  • DbgPrintEx.BCCB(00000065,00000000, *** enter .cxr %p for the context,?), ref: 6D8BB514
                                                                                  • DbgPrintEx.BCCB(00000065,00000000, *** then kb to get the faulting stack), ref: 6D8BB523
                                                                                  • DbgPrintEx.BCCB(00000065,00000000, *** Restarting wait on critsec or resource at %p (in %ws:%s),?,?,?), ref: 6D8BB546
                                                                                  • RtlReportException.BCCB(00000000,?,00000000), ref: 6D8BB566
                                                                                  Strings
                                                                                  • The resource is owned shared by %d threads, xrefs: 6D8BB37E
                                                                                  • The critical section is owned by thread %p., xrefs: 6D8BB3B9
                                                                                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 6D8BB2DC
                                                                                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 6D8BB314
                                                                                  • *** enter .cxr %p for the context, xrefs: 6D8BB50D
                                                                                  • The instruction at %p tried to %s , xrefs: 6D8BB4B6
                                                                                  • *** An Access Violation occurred in %ws:%s, xrefs: 6D8BB48F
                                                                                  • an invalid address, %p, xrefs: 6D8BB4CF
                                                                                  • The resource is owned exclusively by thread %p, xrefs: 6D8BB374
                                                                                  • write to, xrefs: 6D8BB4A6
                                                                                  • *** Resource timeout (%p) in %ws:%s, xrefs: 6D8BB352
                                                                                  • The instruction at %p referenced memory at %p., xrefs: 6D8BB432
                                                                                  • *** enter .exr %p for the exception record, xrefs: 6D8BB4F1
                                                                                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 6D8BB38F
                                                                                  • Go determine why that thread has not released the critical section., xrefs: 6D8BB3C5
                                                                                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 6D8BB2F3
                                                                                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 6D8BB53F
                                                                                  • <unknown>, xrefs: 6D8BB27E, 6D8BB2D1, 6D8BB350, 6D8BB399, 6D8BB417, 6D8BB48E
                                                                                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 6D8BB39B
                                                                                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 6D8BB323
                                                                                  • *** Inpage error in %ws:%s, xrefs: 6D8BB418
                                                                                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 6D8BB47D
                                                                                  • read from, xrefs: 6D8BB4AD, 6D8BB4B2
                                                                                  • a NULL pointer, xrefs: 6D8BB4E0
                                                                                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 6D8BB3D6
                                                                                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 6D8BB476
                                                                                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 6D8BB305
                                                                                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 6D8BB484
                                                                                  • *** then kb to get the faulting stack, xrefs: 6D8BB51C
                                                                                  • This failed because of error %Ix., xrefs: 6D8BB446
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$ExceptionReport
                                                                                  • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                  • API String ID: 374826753-108210295
                                                                                  • Opcode ID: 548832b67436b940676507cc3053fa1022d22667aa72f54e457f0fee0577a291
                                                                                  • Instruction ID: 94fba1aba3e37efe7f44764d222f343070a004c2ff237909733421f05e566784
                                                                                  • Opcode Fuzzy Hash: 548832b67436b940676507cc3053fa1022d22667aa72f54e457f0fee0577a291
                                                                                  • Instruction Fuzzy Hash: CE81E275908200FFDB225A0DCC8CE7B3B66AF86766F414884F5146F312D335A652DA77
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8C1C06, Relevance: 80.7, APIs: 21, Strings: 25, Instructions: 195COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 44%
                                                                                  			E6D8C1C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x6d7e48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E6D80B150();
				} else {
					E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x6d8f589c);
				E6D80B150("Heap error detected at %p (heap handle %p)\n",  *0x6d8f58a0);
				_t27 =  *0x6d8f5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M6D8C1E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E6D80B150();
				} else {
					E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E6D80B150("Error code: %d - %s\n",  *0x6d8f5898);
				_t113 =  *0x6d8f58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6D80B150();
					} else {
						E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6D80B150("Parameter1: %p\n",  *0x6d8f58a4);
				}
				_t115 =  *0x6d8f58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6D80B150();
					} else {
						E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6D80B150("Parameter2: %p\n",  *0x6d8f58a8);
				}
				_t117 =  *0x6d8f58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6D80B150();
					} else {
						E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6D80B150("Parameter3: %p\n",  *0x6d8f58ac);
				}
				_t119 =  *0x6d8f58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6D80B150();
					} else {
						E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x6d8f58b4);
					E6D80B150("Last known valid blocks: before - %p, after - %p\n",  *0x6d8f58b0);
				} else {
					_t120 =  *0x6d8f58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E6D80B150();
				} else {
					E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E6D80B150("Stack trace available at %p\n", 0x6d8f58c0);
			}











                                                                                  0x6d8c1c10
                                                                                  0x6d8c1c16
                                                                                  0x6d8c1c1e
                                                                                  0x6d8c1c3d
                                                                                  0x6d8c1c3e
                                                                                  0x6d8c1c20
                                                                                  0x6d8c1c35
                                                                                  0x6d8c1c3a
                                                                                  0x6d8c1c44
                                                                                  0x6d8c1c55
                                                                                  0x6d8c1c5a
                                                                                  0x6d8c1c65
                                                                                  0x6d8c1c67
                                                                                  0x00000000
                                                                                  0x6d8c1c6e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c1c67
                                                                                  0x6d8c1cdc
                                                                                  0x6d8c1ce5
                                                                                  0x6d8c1d04
                                                                                  0x6d8c1d05
                                                                                  0x6d8c1ce7
                                                                                  0x6d8c1cfc
                                                                                  0x6d8c1d01
                                                                                  0x6d8c1d0b
                                                                                  0x6d8c1d17
                                                                                  0x6d8c1d1f
                                                                                  0x6d8c1d25
                                                                                  0x6d8c1d30
                                                                                  0x6d8c1d4f
                                                                                  0x6d8c1d50
                                                                                  0x6d8c1d32
                                                                                  0x6d8c1d47
                                                                                  0x6d8c1d4c
                                                                                  0x6d8c1d61
                                                                                  0x6d8c1d67
                                                                                  0x6d8c1d68
                                                                                  0x6d8c1d6e
                                                                                  0x6d8c1d79
                                                                                  0x6d8c1d98
                                                                                  0x6d8c1d99
                                                                                  0x6d8c1d7b
                                                                                  0x6d8c1d90
                                                                                  0x6d8c1d95
                                                                                  0x6d8c1daa
                                                                                  0x6d8c1db0
                                                                                  0x6d8c1db1
                                                                                  0x6d8c1db7
                                                                                  0x6d8c1dc2
                                                                                  0x6d8c1de1
                                                                                  0x6d8c1de2
                                                                                  0x6d8c1dc4
                                                                                  0x6d8c1dd9
                                                                                  0x6d8c1dde
                                                                                  0x6d8c1df3
                                                                                  0x6d8c1df9
                                                                                  0x6d8c1dfa
                                                                                  0x6d8c1e00
                                                                                  0x6d8c1e0a
                                                                                  0x6d8c1e13
                                                                                  0x6d8c1e32
                                                                                  0x6d8c1e33
                                                                                  0x6d8c1e15
                                                                                  0x6d8c1e2a
                                                                                  0x6d8c1e2f
                                                                                  0x6d8c1e39
                                                                                  0x6d8c1e4a
                                                                                  0x6d8c1e02
                                                                                  0x6d8c1e02
                                                                                  0x6d8c1e08
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c1e08
                                                                                  0x6d8c1e5b
                                                                                  0x6d8c1e7a
                                                                                  0x6d8c1e7b
                                                                                  0x6d8c1e5d
                                                                                  0x6d8c1e72
                                                                                  0x6d8c1e77
                                                                                  0x6d8c1e95

                                                                                  APIs
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,?,00000002,6D8F58C0,6D8C20B1,?,6D8BFFAF,00000001,00000020,6D8F58C0,00000000), ref: 6D8C1C35
                                                                                  • DbgPrint.BCCB(HEAP: ,?,00000002,6D8F58C0,6D8C20B1,?,6D8BFFAF,00000001,00000020,6D8F58C0,00000000), ref: 6D8C1C3E
                                                                                  • DbgPrint.BCCB(Heap error detected at %p (heap handle %p),?,00000002,6D8F58C0,6D8C20B1,?,6D8BFFAF,00000001,00000020,6D8F58C0,00000000), ref: 6D8C1C55
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,00000020,6D8F58C0,00000000), ref: 6D8C1CFC
                                                                                  • DbgPrint.BCCB(HEAP: ,00000020,6D8F58C0,00000000), ref: 6D8C1D05
                                                                                  • DbgPrint.BCCB(Error code: %d - %s,6D7E48A4,00000020,6D8F58C0,00000000), ref: 6D8C1D17
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1D47
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1D50
                                                                                  • DbgPrint.BCCB(Parameter1: %p,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1D61
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1D90
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1D99
                                                                                  • DbgPrint.BCCB(Parameter2: %p,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1DAA
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1DD9
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1DE2
                                                                                  • DbgPrint.BCCB(Parameter3: %p,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1DF3
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1E2A
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1E33
                                                                                  • DbgPrint.BCCB(Last known valid blocks: before - %p, after - %p,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1E4A
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,?,?,?,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1E72
                                                                                  • DbgPrint.BCCB(Stack trace available at %p,6D8F58C0,?,?,?,?,?,?,?,6D8F58C0,00000000), ref: 6D8C1E8B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                  • API String ID: 3558298466-2897834094
                                                                                  • Opcode ID: 89200a6981058e00d8af031c63581e464980781fb64fbcb158d2ad0bcc1ed350
                                                                                  • Instruction ID: 0c0ef35f43826ab0301f49be415fb95ca7f3dd7ebd90febdb2b20b6674ba7ded
                                                                                  • Opcode Fuzzy Hash: 89200a6981058e00d8af031c63581e464980781fb64fbcb158d2ad0bcc1ed350
                                                                                  • Instruction Fuzzy Hash: 4461603242514DEFD7229B8DDACCE3573A4EB09B74B46CC7AF6089B301D724E9418A5B
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D82A309, Relevance: 49.7, APIs: 22, Strings: 6, Instructions: 687COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 72%
                                                                                  			E6D82A309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x6d8f8a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E6D82A830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E6D82DF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E6D809373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E6D80A9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x6d8f8748 - 1;
						if( *0x6d8f8748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E6D80B150();
								} else {
									E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E6D80B150();
								__eflags =  *0x6d8f7bc8;
								if( *0x6d8f7bc8 == 0) {
									__eflags = 1;
									E6D8C2073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x6d8f8748 - 1;
							if( *0x6d8f8748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E6D83174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E6D827D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E6D8C14FB(_t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E6D809373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E6D809819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x6d8f8748 - 1;
									if( *0x6d8f8748 >= 1) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E6D80B150();
											} else {
												E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E6D80B150();
											_pop(_t491);
											__eflags =  *0x6d8f7bc8 - _t449;
											if( *0x6d8f7bc8 == _t449) {
												__eflags = 0;
												_t491 = 1;
												E6D8C2073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E6D8CA80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E6D82A830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E6D827D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E6D827D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E6D8C1411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E6D827D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E6D827D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x6d8f8748 - 1;
							if( *0x6d8f8748 < 1) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E6D80B150();
							} else {
								E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E6D80B150();
							__eflags =  *0x6d8f7bc8;
							if( *0x6d8f7bc8 == 0) {
								__eflags = 0;
								E6D8C2073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x6d8f8748 - 1;
										if( *0x6d8f8748 >= 1) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E6D80B150();
												} else {
													E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E6D80B150();
												__eflags =  *0x6d8f7bc8 - _t446;
												if( *0x6d8f7bc8 == _t446) {
													__eflags = 1;
													E6D8C2073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E6D8CA80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E6D82A830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E6D82B73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E6D82A830(_t553, _v64, _v24);
								_t286 = E6D827D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E6D827D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E6D8C1411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E6D827D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E6D827D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E6D8C1411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E6D83174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E6D82B73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E6D827D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E6D8C14FB(_t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E6D8299BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E6D82A830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E6D83ABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                                                                  0x6d82a309
                                                                                  0x6d82a316
                                                                                  0x6d82a319
                                                                                  0x6d82a31d
                                                                                  0x6d82a32d
                                                                                  0x6d82a331
                                                                                  0x6d871e0d
                                                                                  0x6d871e10
                                                                                  0x6d82a3cb
                                                                                  0x6d82a3cb
                                                                                  0x6d82a3bd
                                                                                  0x6d82a3c3
                                                                                  0x6d82a3c3
                                                                                  0x6d82a33a
                                                                                  0x6d871e17
                                                                                  0x6d871e1b
                                                                                  0x6d871e1d
                                                                                  0x6d871e2f
                                                                                  0x6d871e34
                                                                                  0x6d871e36
                                                                                  0x6d871e3c
                                                                                  0x6d871e3c
                                                                                  0x6d871e3c
                                                                                  0x6d871e3c
                                                                                  0x6d871e36
                                                                                  0x6d871e42
                                                                                  0x6d871e45
                                                                                  0x6d871e47
                                                                                  0x6d82a3f8
                                                                                  0x6d82a3f8
                                                                                  0x6d82a3fb
                                                                                  0x6d82a3fd
                                                                                  0x6d871e50
                                                                                  0x6d82a403
                                                                                  0x6d82a411
                                                                                  0x6d82a411
                                                                                  0x6d82a411
                                                                                  0x6d82a41e
                                                                                  0x6d82a420
                                                                                  0x6d82a424
                                                                                  0x6d82a427
                                                                                  0x6d82a7c9
                                                                                  0x6d82a7cd
                                                                                  0x6d82a7d2
                                                                                  0x6d82a7d9
                                                                                  0x6d82a7e0
                                                                                  0x6d82a7e3
                                                                                  0x6d82a7ed
                                                                                  0x6d82a7f3
                                                                                  0x6d82a7f9
                                                                                  0x6d82a7ff
                                                                                  0x6d82a802
                                                                                  0x6d82a807
                                                                                  0x6d82a809
                                                                                  0x6d82a809
                                                                                  0x6d82a809
                                                                                  0x6d82a80f
                                                                                  0x6d82a80f
                                                                                  0x6d82a812
                                                                                  0x6d82a81c
                                                                                  0x6d82a821
                                                                                  0x6d82a824
                                                                                  0x6d82a42d
                                                                                  0x6d82a42d
                                                                                  0x6d82a42d
                                                                                  0x6d82a42d
                                                                                  0x6d82a42d
                                                                                  0x6d82a436
                                                                                  0x6d82a43a
                                                                                  0x6d82a609
                                                                                  0x6d82a60d
                                                                                  0x6d82a612
                                                                                  0x6d82a616
                                                                                  0x6d82a61a
                                                                                  0x6d871e57
                                                                                  0x6d871e59
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d871e5f
                                                                                  0x6d82a620
                                                                                  0x6d82a627
                                                                                  0x6d871e64
                                                                                  0x6d871e66
                                                                                  0x6d871e6c
                                                                                  0x6d871e72
                                                                                  0x6d871e76
                                                                                  0x6d871e95
                                                                                  0x6d871e9a
                                                                                  0x6d871e78
                                                                                  0x6d871e8d
                                                                                  0x6d871e92
                                                                                  0x6d871ea0
                                                                                  0x6d871ea5
                                                                                  0x6d871eaa
                                                                                  0x6d871eb2
                                                                                  0x6d871eb6
                                                                                  0x6d871eb9
                                                                                  0x6d871eb9
                                                                                  0x6d871ebe
                                                                                  0x6d871ec2
                                                                                  0x6d871ec2
                                                                                  0x6d871e66
                                                                                  0x6d82a62d
                                                                                  0x6d82a633
                                                                                  0x6d82a636
                                                                                  0x6d82a63a
                                                                                  0x6d82a63c
                                                                                  0x6d82a640
                                                                                  0x6d82a642
                                                                                  0x6d82a644
                                                                                  0x6d82a644
                                                                                  0x6d82a644
                                                                                  0x6d82a64d
                                                                                  0x6d82a64d
                                                                                  0x6d82a651
                                                                                  0x6d82a655
                                                                                  0x6d871eca
                                                                                  0x6d871ed1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d871ed7
                                                                                  0x00000000
                                                                                  0x6d82a65b
                                                                                  0x6d82a669
                                                                                  0x6d82a66e
                                                                                  0x6d82a670
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d82a676
                                                                                  0x6d82a67b
                                                                                  0x6d82a680
                                                                                  0x6d82a682
                                                                                  0x6d871f1a
                                                                                  0x6d82a688
                                                                                  0x6d82a688
                                                                                  0x6d82a688
                                                                                  0x6d82a68a
                                                                                  0x6d82a68d
                                                                                  0x6d871f24
                                                                                  0x6d871f2a
                                                                                  0x6d871f31
                                                                                  0x6d871f43
                                                                                  0x6d871f43
                                                                                  0x6d871f31
                                                                                  0x6d82a693
                                                                                  0x6d82a697
                                                                                  0x6d82a69d
                                                                                  0x6d82a6a0
                                                                                  0x6d82a6a6
                                                                                  0x6d82a6a8
                                                                                  0x6d82a6a8
                                                                                  0x6d82a6a8
                                                                                  0x6d82a6a8
                                                                                  0x6d82a6b2
                                                                                  0x6d82a6b7
                                                                                  0x6d82a6c1
                                                                                  0x6d82a6c6
                                                                                  0x6d82a6d2
                                                                                  0x6d82a6d9
                                                                                  0x6d82a6e3
                                                                                  0x6d82a6e6
                                                                                  0x6d82a6eb
                                                                                  0x6d82a6ed
                                                                                  0x6d82a6ed
                                                                                  0x6d82a6ed
                                                                                  0x6d82a6ed
                                                                                  0x6d82a6f3
                                                                                  0x6d82a6f8
                                                                                  0x6d82a702
                                                                                  0x6d82a70a
                                                                                  0x6d82a70e
                                                                                  0x6d82a71a
                                                                                  0x6d82a71e
                                                                                  0x6d871fcb
                                                                                  0x6d871fcf
                                                                                  0x6d871fdd
                                                                                  0x6d871fe3
                                                                                  0x6d871fe3
                                                                                  0x6d82a724
                                                                                  0x6d82a728
                                                                                  0x6d82a72a
                                                                                  0x6d82a72d
                                                                                  0x6d82a737
                                                                                  0x6d82a73a
                                                                                  0x6d82a73c
                                                                                  0x6d82a742
                                                                                  0x6d82a748
                                                                                  0x6d871f4d
                                                                                  0x6d871f50
                                                                                  0x6d871f56
                                                                                  0x6d871f5c
                                                                                  0x6d871f5f
                                                                                  0x6d871f7e
                                                                                  0x6d871f83
                                                                                  0x6d871f61
                                                                                  0x6d871f76
                                                                                  0x6d871f7b
                                                                                  0x6d871f89
                                                                                  0x6d871f8e
                                                                                  0x6d871f93
                                                                                  0x6d871f94
                                                                                  0x6d871f9a
                                                                                  0x6d871f9c
                                                                                  0x6d871f9e
                                                                                  0x6d871fa1
                                                                                  0x6d871fa1
                                                                                  0x6d871fa6
                                                                                  0x6d871fa6
                                                                                  0x6d871f50
                                                                                  0x6d82a74e
                                                                                  0x6d82a751
                                                                                  0x6d82a754
                                                                                  0x6d82a75d
                                                                                  0x6d82a75e
                                                                                  0x6d82a762
                                                                                  0x6d82a767
                                                                                  0x6d871faf
                                                                                  0x6d871fb0
                                                                                  0x6d871fb9
                                                                                  0x6d871fbe
                                                                                  0x6d871fc2
                                                                                  0x6d871fc2
                                                                                  0x6d82a76d
                                                                                  0x6d82a76d
                                                                                  0x6d82a775
                                                                                  0x6d82a778
                                                                                  0x6d82a77d
                                                                                  0x6d82a77d
                                                                                  0x6d82a71e
                                                                                  0x6d82a782
                                                                                  0x6d82a787
                                                                                  0x6d82a789
                                                                                  0x6d871ff3
                                                                                  0x6d82a78f
                                                                                  0x6d82a78f
                                                                                  0x6d82a78f
                                                                                  0x6d82a791
                                                                                  0x6d82a794
                                                                                  0x6d871ffd
                                                                                  0x6d872006
                                                                                  0x6d87200c
                                                                                  0x6d872017
                                                                                  0x6d872019
                                                                                  0x6d872024
                                                                                  0x6d872024
                                                                                  0x6d872024
                                                                                  0x6d872047
                                                                                  0x6d872047
                                                                                  0x6d87200c
                                                                                  0x6d82a79a
                                                                                  0x6d82a79f
                                                                                  0x6d82a7a4
                                                                                  0x6d82a7a9
                                                                                  0x6d82a7ab
                                                                                  0x6d87205a
                                                                                  0x6d82a7b1
                                                                                  0x6d82a7b1
                                                                                  0x6d82a7b1
                                                                                  0x6d82a7b3
                                                                                  0x6d82a7b6
                                                                                  0x00000000
                                                                                  0x6d82a7bc
                                                                                  0x6d872066
                                                                                  0x6d872068
                                                                                  0x6d872073
                                                                                  0x6d872073
                                                                                  0x6d872073
                                                                                  0x6d872078
                                                                                  0x6d872079
                                                                                  0x6d87207d
                                                                                  0x00000000
                                                                                  0x6d87207d
                                                                                  0x6d82a7b6
                                                                                  0x6d82a440
                                                                                  0x6d82a440
                                                                                  0x6d82a440
                                                                                  0x6d82a446
                                                                                  0x6d82a44c
                                                                                  0x6d82a44f
                                                                                  0x6d82a453
                                                                                  0x6d82a455
                                                                                  0x6d8720b3
                                                                                  0x6d8720b9
                                                                                  0x6d8720b9
                                                                                  0x6d82a45d
                                                                                  0x6d82a460
                                                                                  0x6d82a464
                                                                                  0x6d82a466
                                                                                  0x6d82a46b
                                                                                  0x6d82a46f
                                                                                  0x6d82a471
                                                                                  0x6d82a471
                                                                                  0x6d82a471
                                                                                  0x6d82a474
                                                                                  0x6d82a479
                                                                                  0x6d82a47d
                                                                                  0x6d82a47f
                                                                                  0x6d872229
                                                                                  0x6d87222f
                                                                                  0x6d82a3c8
                                                                                  0x6d82a3c8
                                                                                  0x6d82a3ca
                                                                                  0x6d82a3ca
                                                                                  0x00000000
                                                                                  0x6d82a3ca
                                                                                  0x6d872235
                                                                                  0x6d87223a
                                                                                  0x6d87223a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d872240
                                                                                  0x6d872246
                                                                                  0x6d87224a
                                                                                  0x6d872269
                                                                                  0x6d87226e
                                                                                  0x6d87224c
                                                                                  0x6d872261
                                                                                  0x6d872266
                                                                                  0x6d872274
                                                                                  0x6d872279
                                                                                  0x6d87227e
                                                                                  0x6d872286
                                                                                  0x6d872288
                                                                                  0x6d87228d
                                                                                  0x6d87228d
                                                                                  0x6d872292
                                                                                  0x6d872292
                                                                                  0x6d872295
                                                                                  0x6d872295
                                                                                  0x00000000
                                                                                  0x6d872295
                                                                                  0x6d82a485
                                                                                  0x6d82a489
                                                                                  0x6d82a48b
                                                                                  0x6d82a48f
                                                                                  0x6d82a493
                                                                                  0x6d82a497
                                                                                  0x6d82a49b
                                                                                  0x6d82a4bb
                                                                                  0x6d82a4bb
                                                                                  0x6d82a4bd
                                                                                  0x6d82a4ff
                                                                                  0x6d82a4ff
                                                                                  0x6d82a501
                                                                                  0x6d82a505
                                                                                  0x6d82a50f
                                                                                  0x6d82a517
                                                                                  0x6d82a51b
                                                                                  0x6d82a527
                                                                                  0x6d82a52b
                                                                                  0x6d872182
                                                                                  0x6d872185
                                                                                  0x6d872193
                                                                                  0x6d872199
                                                                                  0x6d872199
                                                                                  0x6d82a531
                                                                                  0x6d82a535
                                                                                  0x6d82a538
                                                                                  0x6d82a548
                                                                                  0x6d82a54b
                                                                                  0x6d82a54d
                                                                                  0x6d82a553
                                                                                  0x6d82a559
                                                                                  0x6d872100
                                                                                  0x6d872103
                                                                                  0x6d872109
                                                                                  0x6d87210f
                                                                                  0x6d872112
                                                                                  0x6d872131
                                                                                  0x6d872136
                                                                                  0x6d872114
                                                                                  0x6d872129
                                                                                  0x6d87212e
                                                                                  0x6d87213c
                                                                                  0x6d872141
                                                                                  0x6d872147
                                                                                  0x6d87214d
                                                                                  0x6d872151
                                                                                  0x6d872154
                                                                                  0x6d872154
                                                                                  0x6d872159
                                                                                  0x6d872159
                                                                                  0x6d872103
                                                                                  0x6d82a55f
                                                                                  0x6d82a562
                                                                                  0x6d82a565
                                                                                  0x6d82a567
                                                                                  0x6d872162
                                                                                  0x6d82a56d
                                                                                  0x6d82a574
                                                                                  0x6d82a575
                                                                                  0x6d82a579
                                                                                  0x6d82a57e
                                                                                  0x6d872169
                                                                                  0x6d87216a
                                                                                  0x6d872170
                                                                                  0x6d872175
                                                                                  0x6d872179
                                                                                  0x6d872179
                                                                                  0x6d82a57e
                                                                                  0x6d82a584
                                                                                  0x6d82a58f
                                                                                  0x6d82a58f
                                                                                  0x6d82a52b
                                                                                  0x6d82a5ad
                                                                                  0x6d82a5bc
                                                                                  0x6d82a5c1
                                                                                  0x6d82a5c6
                                                                                  0x6d82a5cb
                                                                                  0x6d82a5cd
                                                                                  0x6d8721a9
                                                                                  0x6d82a5d3
                                                                                  0x6d82a5d3
                                                                                  0x6d82a5d3
                                                                                  0x6d82a5d5
                                                                                  0x6d82a5d8
                                                                                  0x6d8721b3
                                                                                  0x6d8721bc
                                                                                  0x6d8721c2
                                                                                  0x6d8721cd
                                                                                  0x6d8721cf
                                                                                  0x6d8721da
                                                                                  0x6d8721da
                                                                                  0x6d8721da
                                                                                  0x6d8721f7
                                                                                  0x6d8721f7
                                                                                  0x6d8721c2
                                                                                  0x6d82a5de
                                                                                  0x6d82a5e3
                                                                                  0x6d82a5e8
                                                                                  0x6d82a5ea
                                                                                  0x6d87220a
                                                                                  0x6d82a5f0
                                                                                  0x6d82a5f0
                                                                                  0x6d82a5f0
                                                                                  0x6d82a5f2
                                                                                  0x6d82a5f5
                                                                                  0x6d872219
                                                                                  0x6d87221b
                                                                                  0x6d87208c
                                                                                  0x6d87208c
                                                                                  0x6d87208c
                                                                                  0x6d872095
                                                                                  0x6d872096
                                                                                  0x6d872097
                                                                                  0x6d872098
                                                                                  0x6d8720a4
                                                                                  0x6d8720a5
                                                                                  0x6d8720a9
                                                                                  0x6d8720a9
                                                                                  0x00000000
                                                                                  0x6d82a5f5
                                                                                  0x6d82a4bf
                                                                                  0x6d82a4d3
                                                                                  0x6d82a4d8
                                                                                  0x6d82a4da
                                                                                  0x6d871ede
                                                                                  0x6d871ede
                                                                                  0x6d871ee4
                                                                                  0x6d871ee9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d871f07
                                                                                  0x00000000
                                                                                  0x6d871f07
                                                                                  0x6d82a4e0
                                                                                  0x6d82a4e5
                                                                                  0x6d82a4e7
                                                                                  0x6d8720cb
                                                                                  0x6d82a4ed
                                                                                  0x6d82a4ed
                                                                                  0x6d82a4ed
                                                                                  0x6d82a4f2
                                                                                  0x6d82a4f5
                                                                                  0x6d8720d5
                                                                                  0x6d8720de
                                                                                  0x6d8720e4
                                                                                  0x6d8720f6
                                                                                  0x6d8720f6
                                                                                  0x6d8720e4
                                                                                  0x6d82a4fb
                                                                                  0x00000000
                                                                                  0x6d82a4fb
                                                                                  0x6d82a4a1
                                                                                  0x6d82a4a4
                                                                                  0x6d82a4a8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d82a4aa
                                                                                  0x6d82a4ac
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d82a4b2
                                                                                  0x6d82a4b5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d82a4b5
                                                                                  0x6d82a43a
                                                                                  0x6d82a340
                                                                                  0x6d82a346
                                                                                  0x6d82a600
                                                                                  0x00000000
                                                                                  0x6d82a600
                                                                                  0x6d82a34f
                                                                                  0x6d82a351
                                                                                  0x6d82a358
                                                                                  0x6d82a3c6
                                                                                  0x00000000
                                                                                  0x6d82a371
                                                                                  0x6d82a37a
                                                                                  0x6d82a37f
                                                                                  0x6d82a382
                                                                                  0x6d82a384
                                                                                  0x6d82a394
                                                                                  0x00000000
                                                                                  0x6d82a396
                                                                                  0x6d82a399
                                                                                  0x6d82a3a7
                                                                                  0x6d82a3b0
                                                                                  0x6d82a3b4
                                                                                  0x6d82a3bb
                                                                                  0x6d82a3d2
                                                                                  0x6d82a3da
                                                                                  0x6d82a3df
                                                                                  0x6d82a3e1
                                                                                  0x6d82a3e5
                                                                                  0x6d82a3ea
                                                                                  0x6d82a3f0
                                                                                  0x6d82a3f0
                                                                                  0x6d82a3e1
                                                                                  0x00000000
                                                                                  0x6d82a3bb
                                                                                  0x6d82a394

                                                                                  APIs
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(00000000,00004000), ref: 6D82A4E0
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,-000000E8,?,?,?), ref: 6D82A5C1
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,-000000E8,?,?,?), ref: 6D82A5DE
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,00004000), ref: 6D82A676
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6D82A782
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6D82A79A
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6D872012
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6D872061
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,-000000E8,?,?,?), ref: 6D872214
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentServiceSession
                                                                                  • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 1007659313-523794902
                                                                                  • Opcode ID: 344096902a8891a7249986aafc7189ddccc9d6981cc22da0bf32c8e4cc8eaf63
                                                                                  • Instruction ID: fbed1c18314babf60aae99d4260a635660f85b9afb7b084e6ef7a3dc45b6f0ab
                                                                                  • Opcode Fuzzy Hash: 344096902a8891a7249986aafc7189ddccc9d6981cc22da0bf32c8e4cc8eaf63
                                                                                  • Instruction Fuzzy Hash: 3E42CD716187829FC321CF28C898B2ABBE5FF89708F048D69F5958B351D734D985CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8C4AEF, Relevance: 47.8, APIs: 18, Strings: 9, Instructions: 529COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 59%
                                                                                  			E6D8C4AEF(signed int __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				signed int _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				signed int _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E6D80B150();
						} else {
							E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E6D80B150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E6D80B150();
					} else {
						E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E6D8BFA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E6D80B150();
						} else {
							E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E6D80B150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E6D80B150();
								} else {
									E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E6D80B150();
									} else {
										E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E6D80B150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E6D8BFA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E6D80B150();
										} else {
											E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E6D85D540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E6D80B150();
								} else {
									E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E6D8CA80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E6D82E12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E6D8CA80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E6D82E4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E6D82A229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E6D82A309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E6D82BC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E6D8B23E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E6D801F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}



































































                                                                                  0x6d8c4af7
                                                                                  0x6d8c4afb
                                                                                  0x6d8c4afd
                                                                                  0x6d8c4b01
                                                                                  0x6d8c4b03
                                                                                  0x6d8c4b08
                                                                                  0x6d8c4b0a
                                                                                  0x6d8c4b0f
                                                                                  0x6d8c4eb5
                                                                                  0x6d8c4eb5
                                                                                  0x6d8c4ebb
                                                                                  0x6d8c50d5
                                                                                  0x6d8c50d8
                                                                                  0x6d8c4ff6
                                                                                  0x00000000
                                                                                  0x6d8c4ff6
                                                                                  0x6d8c50de
                                                                                  0x6d8c50e4
                                                                                  0x6d8c50e8
                                                                                  0x6d8c5107
                                                                                  0x6d8c510c
                                                                                  0x6d8c50ea
                                                                                  0x6d8c50ff
                                                                                  0x6d8c5104
                                                                                  0x6d8c5112
                                                                                  0x6d8c5115
                                                                                  0x6d8c5118
                                                                                  0x6d8c5119
                                                                                  0x6d8c50cb
                                                                                  0x6d8c50cb
                                                                                  0x6d8c50af
                                                                                  0x00000000
                                                                                  0x6d8c50af
                                                                                  0x6d8c4ecb
                                                                                  0x6d8c50b6
                                                                                  0x6d8c50bb
                                                                                  0x6d8c4ed1
                                                                                  0x6d8c4ee6
                                                                                  0x6d8c4eeb
                                                                                  0x6d8c50c1
                                                                                  0x6d8c50c2
                                                                                  0x6d8c50c5
                                                                                  0x6d8c50c6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4b15
                                                                                  0x6d8c4b15
                                                                                  0x6d8c4b1c
                                                                                  0x6d8c4b1e
                                                                                  0x6d8c4b23
                                                                                  0x6d8c4b27
                                                                                  0x6d8c4b33
                                                                                  0x6d8c4b38
                                                                                  0x6d8c4b3a
                                                                                  0x6d8c4b3c
                                                                                  0x6d8c4b41
                                                                                  0x6d8c4b41
                                                                                  0x6d8c4b3a
                                                                                  0x6d8c4b52
                                                                                  0x6d8c5045
                                                                                  0x6d8c504b
                                                                                  0x6d8c504f
                                                                                  0x6d8c506e
                                                                                  0x6d8c5073
                                                                                  0x6d8c5051
                                                                                  0x6d8c5066
                                                                                  0x6d8c506b
                                                                                  0x6d8c5083
                                                                                  0x6d8c5088
                                                                                  0x6d8c5088
                                                                                  0x6d8c508a
                                                                                  0x6d8c5091
                                                                                  0x6d8c5099
                                                                                  0x6d8c5099
                                                                                  0x6d8c509d
                                                                                  0x6d8c50a7
                                                                                  0x6d8c50ad
                                                                                  0x6d8c50ad
                                                                                  0x6d8c50ad
                                                                                  0x00000000
                                                                                  0x6d8c509d
                                                                                  0x6d8c4b58
                                                                                  0x6d8c4b5b
                                                                                  0x6d8c4b5e
                                                                                  0x6d8c4b63
                                                                                  0x6d8c4b66
                                                                                  0x6d8c4b69
                                                                                  0x6d8c4b6f
                                                                                  0x6d8c4be4
                                                                                  0x6d8c4bf0
                                                                                  0x6d8c4bf2
                                                                                  0x6d8c4bf5
                                                                                  0x6d8c4dc3
                                                                                  0x6d8c4dc6
                                                                                  0x6d8c4dc9
                                                                                  0x6d8c4dce
                                                                                  0x6d8c4dce
                                                                                  0x6d8c4dd0
                                                                                  0x6d8c4dd0
                                                                                  0x6d8c4dd5
                                                                                  0x6d8c4def
                                                                                  0x6d8c4dd7
                                                                                  0x6d8c4de7
                                                                                  0x6d8c4de7
                                                                                  0x6d8c4df3
                                                                                  0x6d8c5001
                                                                                  0x6d8c5007
                                                                                  0x6d8c500b
                                                                                  0x6d8c502a
                                                                                  0x6d8c502f
                                                                                  0x6d8c500d
                                                                                  0x6d8c5022
                                                                                  0x6d8c5027
                                                                                  0x6d8c5039
                                                                                  0x6d8c503a
                                                                                  0x6d8c503b
                                                                                  0x00000000
                                                                                  0x6d8c4df9
                                                                                  0x6d8c4dfd
                                                                                  0x6d8c4e90
                                                                                  0x6d8c4e94
                                                                                  0x6d8c4e9e
                                                                                  0x6d8c4ea4
                                                                                  0x6d8c4ea4
                                                                                  0x6d8c4ea4
                                                                                  0x6d8c4ea6
                                                                                  0x6d8c4ea6
                                                                                  0x00000000
                                                                                  0x6d8c4ea6
                                                                                  0x6d8c4e03
                                                                                  0x6d8c4e08
                                                                                  0x6d8c4f88
                                                                                  0x6d8c4f92
                                                                                  0x6d8c4f99
                                                                                  0x6d8c4f9c
                                                                                  0x6d8c4fe0
                                                                                  0x6d8c4fe4
                                                                                  0x6d8c4fee
                                                                                  0x6d8c4ff4
                                                                                  0x6d8c4ff4
                                                                                  0x6d8c4ff4
                                                                                  0x00000000
                                                                                  0x6d8c4fe4
                                                                                  0x6d8c4f9e
                                                                                  0x6d8c4fa4
                                                                                  0x6d8c4fa8
                                                                                  0x6d8c4fc7
                                                                                  0x6d8c4fcc
                                                                                  0x6d8c4faa
                                                                                  0x6d8c4fbf
                                                                                  0x6d8c4fc4
                                                                                  0x6d8c4fd2
                                                                                  0x6d8c4fd5
                                                                                  0x6d8c4fd6
                                                                                  0x6d8c4f34
                                                                                  0x6d8c4f34
                                                                                  0x00000000
                                                                                  0x6d8c4f39
                                                                                  0x6d8c4e0e
                                                                                  0x6d8c4e14
                                                                                  0x6d8c4e1b
                                                                                  0x6d8c4e25
                                                                                  0x6d8c4e2b
                                                                                  0x6d8c4e2b
                                                                                  0x6d8c4e33
                                                                                  0x6d8c4e38
                                                                                  0x6d8c4e8a
                                                                                  0x6d8c4e8a
                                                                                  0x00000000
                                                                                  0x6d8c4e3a
                                                                                  0x6d8c4e3e
                                                                                  0x6d8c4e43
                                                                                  0x6d8c4e47
                                                                                  0x6d8c4e53
                                                                                  0x6d8c4e58
                                                                                  0x6d8c4e5a
                                                                                  0x6d8c4e5c
                                                                                  0x6d8c4e61
                                                                                  0x6d8c4e61
                                                                                  0x6d8c4e5a
                                                                                  0x6d8c4e6e
                                                                                  0x6d8c4f41
                                                                                  0x6d8c4f47
                                                                                  0x6d8c4f4b
                                                                                  0x6d8c4f6a
                                                                                  0x6d8c4f6f
                                                                                  0x6d8c4f4d
                                                                                  0x6d8c4f62
                                                                                  0x6d8c4f67
                                                                                  0x6d8c4f7f
                                                                                  0x6d8c4f80
                                                                                  0x6d8c4f81
                                                                                  0x00000000
                                                                                  0x6d8c4e74
                                                                                  0x6d8c4e78
                                                                                  0x6d8c4e82
                                                                                  0x6d8c4e88
                                                                                  0x6d8c4e88
                                                                                  0x00000000
                                                                                  0x6d8c4e78
                                                                                  0x6d8c4e6e
                                                                                  0x6d8c4e38
                                                                                  0x6d8c4df3
                                                                                  0x6d8c4bfe
                                                                                  0x6d8c4c01
                                                                                  0x6d8c4c04
                                                                                  0x6d8c4c07
                                                                                  0x6d8c4c09
                                                                                  0x6d8c4c0c
                                                                                  0x6d8c4c0e
                                                                                  0x6d8c4c0e
                                                                                  0x6d8c4c11
                                                                                  0x6d8c4c11
                                                                                  0x6d8c4c0c
                                                                                  0x6d8c4c14
                                                                                  0x6d8c4c17
                                                                                  0x6d8c4dae
                                                                                  0x6d8c4db2
                                                                                  0x6d8c4db7
                                                                                  0x6d8c4dba
                                                                                  0x6d8c4dbd
                                                                                  0x6d8c4ef1
                                                                                  0x6d8c4ef7
                                                                                  0x6d8c4efb
                                                                                  0x6d8c4f1a
                                                                                  0x6d8c4f1f
                                                                                  0x6d8c4efd
                                                                                  0x6d8c4f12
                                                                                  0x6d8c4f17
                                                                                  0x6d8c4f2b
                                                                                  0x6d8c4f2b
                                                                                  0x6d8c4f2d
                                                                                  0x6d8c4f2e
                                                                                  0x6d8c4f2f
                                                                                  0x00000000
                                                                                  0x6d8c4f2f
                                                                                  0x00000000
                                                                                  0x6d8c4c1d
                                                                                  0x6d8c4c1d
                                                                                  0x6d8c4c20
                                                                                  0x6d8c4c23
                                                                                  0x6d8c4c26
                                                                                  0x6d8c4c29
                                                                                  0x6d8c4c2c
                                                                                  0x6d8c4c2e
                                                                                  0x6d8c4d91
                                                                                  0x6d8c4d91
                                                                                  0x6d8c4d92
                                                                                  0x6d8c4d97
                                                                                  0x6d8c4d9e
                                                                                  0x00000000
                                                                                  0x6d8c4d9e
                                                                                  0x6d8c4c34
                                                                                  0x6d8c4c37
                                                                                  0x6d8c4c39
                                                                                  0x6d8c4c3c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4c45
                                                                                  0x6d8c4c48
                                                                                  0x6d8c4c4e
                                                                                  0x6d8c4c50
                                                                                  0x6d8c4c78
                                                                                  0x6d8c4c78
                                                                                  0x6d8c4c7b
                                                                                  0x6d8c4c7d
                                                                                  0x6d8c4c80
                                                                                  0x6d8c4c84
                                                                                  0x6d8c4cad
                                                                                  0x6d8c4cad
                                                                                  0x6d8c4cb0
                                                                                  0x6d8c4cb8
                                                                                  0x6d8c4cbb
                                                                                  0x6d8c4cbe
                                                                                  0x6d8c4cc1
                                                                                  0x6d8c4cc7
                                                                                  0x6d8c4cdc
                                                                                  0x6d8c4cc9
                                                                                  0x6d8c4cd2
                                                                                  0x6d8c4cd4
                                                                                  0x6d8c4cd4
                                                                                  0x6d8c4cde
                                                                                  0x6d8c4ce0
                                                                                  0x6d8c4d13
                                                                                  0x6d8c4d13
                                                                                  0x6d8c4d16
                                                                                  0x6d8c4d18
                                                                                  0x6d8c4d29
                                                                                  0x6d8c4d2a
                                                                                  0x6d8c4d2c
                                                                                  0x6d8c4d34
                                                                                  0x6d8c4d1a
                                                                                  0x6d8c4d1a
                                                                                  0x6d8c4d1a
                                                                                  0x6d8c4d1d
                                                                                  0x6d8c4d1f
                                                                                  0x6d8c4d22
                                                                                  0x6d8c4d24
                                                                                  0x6d8c4d24
                                                                                  0x6d8c4d3c
                                                                                  0x6d8c4d3f
                                                                                  0x6d8c4d45
                                                                                  0x6d8c4d47
                                                                                  0x6d8c4d6c
                                                                                  0x6d8c4d6c
                                                                                  0x6d8c4d70
                                                                                  0x6d8c4d7e
                                                                                  0x6d8c4d84
                                                                                  0x6d8c4d84
                                                                                  0x00000000
                                                                                  0x6d8c4d49
                                                                                  0x6d8c4d49
                                                                                  0x6d8c4d56
                                                                                  0x6d8c4d56
                                                                                  0x6d8c4d59
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4d4e
                                                                                  0x6d8c4d50
                                                                                  0x6d8c4d52
                                                                                  0x6d8c4d8e
                                                                                  0x6d8c4d5d
                                                                                  0x6d8c4d5f
                                                                                  0x6d8c4d67
                                                                                  0x00000000
                                                                                  0x6d8c4d67
                                                                                  0x6d8c4d54
                                                                                  0x6d8c4d54
                                                                                  0x6d8c4d5b
                                                                                  0x00000000
                                                                                  0x6d8c4d5b
                                                                                  0x6d8c4ce2
                                                                                  0x6d8c4ce2
                                                                                  0x6d8c4ce5
                                                                                  0x6d8c4ce5
                                                                                  0x6d8c4ce7
                                                                                  0x6d8c4cfb
                                                                                  0x6d8c4ce9
                                                                                  0x6d8c4ce9
                                                                                  0x6d8c4cec
                                                                                  0x6d8c4cef
                                                                                  0x6d8c4cf1
                                                                                  0x6d8c4cf3
                                                                                  0x6d8c4cf3
                                                                                  0x6d8c4cf3
                                                                                  0x6d8c4cf6
                                                                                  0x6d8c4cf6
                                                                                  0x6d8c4d02
                                                                                  0x6d8c4d05
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4d07
                                                                                  0x6d8c4d0f
                                                                                  0x6d8c4d11
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4d11
                                                                                  0x00000000
                                                                                  0x6d8c4ce5
                                                                                  0x6d8c4ce0
                                                                                  0x6d8c4c8a
                                                                                  0x6d8c4c8f
                                                                                  0x6d8c4c91
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4c9d
                                                                                  0x00000000
                                                                                  0x6d8c4c9d
                                                                                  0x6d8c4c52
                                                                                  0x6d8c4c5f
                                                                                  0x6d8c4c5f
                                                                                  0x6d8c4c62
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4c57
                                                                                  0x6d8c4c59
                                                                                  0x6d8c4c5b
                                                                                  0x6d8c4caa
                                                                                  0x6d8c4c66
                                                                                  0x6d8c4c68
                                                                                  0x6d8c4c70
                                                                                  0x6d8c4c75
                                                                                  0x00000000
                                                                                  0x6d8c4c75
                                                                                  0x6d8c4c5d
                                                                                  0x6d8c4c5d
                                                                                  0x6d8c4c64
                                                                                  0x00000000
                                                                                  0x6d8c4c64
                                                                                  0x6d8c4c17
                                                                                  0x6d8c4b75
                                                                                  0x6d8c4bc4
                                                                                  0x6d8c4bc8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4bd9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4b77
                                                                                  0x6d8c4b7a
                                                                                  0x6d8c4b8c
                                                                                  0x6d8c4b7c
                                                                                  0x6d8c4b7e
                                                                                  0x6d8c4b83
                                                                                  0x6d8c4b86
                                                                                  0x6d8c4b86
                                                                                  0x6d8c4b90
                                                                                  0x6d8c4b93
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4b95
                                                                                  0x6d8c4bab
                                                                                  0x6d8c4bb0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4bb2
                                                                                  0x6d8c4bb9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4bbb
                                                                                  0x6d8c4bbe
                                                                                  0x6d8c4bc1
                                                                                  0x6d8c4bc1
                                                                                  0x00000000
                                                                                  0x6d8c4bc1
                                                                                  0x6d8c4b97
                                                                                  0x6d8c4ba4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4ba6
                                                                                  0x00000000
                                                                                  0x6d8c4ba6
                                                                                  0x6d8c4ea9
                                                                                  0x6d8c4ea9
                                                                                  0x6d8c4eb2
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlCompareMemoryUlong.BCCB(-00000008,?,FEEEFEEE), ref: 6D8C4DB2
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,-00000008,?,?), ref: 6D8C4EE6
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,-00000008,?,FEEEFEEE), ref: 6D8C4F12
                                                                                  • DbgPrint.BCCB(HEAP: ,-00000008,?,FEEEFEEE), ref: 6D8C4F1F
                                                                                  • DbgPrint.BCCB(Heap block at %p is not last block in segment (%p),-00000018,?), ref: 6D8C4F34
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C), ref: 6D8C4F62
                                                                                  • DbgPrint.BCCB(HEAP: ), ref: 6D8C4F6F
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C), ref: 6D8C4FBF
                                                                                  • DbgPrint.BCCB(HEAP: ), ref: 6D8C4FCC
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C), ref: 6D8C5022
                                                                                  • DbgPrint.BCCB(HEAP: ), ref: 6D8C502F
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C), ref: 6D8C5066
                                                                                  • DbgPrint.BCCB(HEAP: ), ref: 6D8C5073
                                                                                  • DbgPrint.BCCB(Heap entry %p has incorrect PreviousSize field (%04x instead of %04x),-00000018,?,?), ref: 6D8C5091
                                                                                  • DbgPrint.BCCB(HEAP: ,-00000008,?,?), ref: 6D8C50BB
                                                                                  • DbgPrint.BCCB(Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x),?,00000000,?,-00000008,?,?), ref: 6D8C50CB
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,-00000008,?,?), ref: 6D8C50FF
                                                                                  • DbgPrint.BCCB(HEAP: ,-00000008,?,?), ref: 6D8C510C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$CompareMemoryUlong
                                                                                  • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                  • API String ID: 2560481200-3591852110
                                                                                  • Opcode ID: fc1bd1ad65b0da624c3528ab2a22dfa4ec1a3314c06d7b0d3c29528f3628479f
                                                                                  • Instruction ID: 7d750f12ca2ca5a8107920998d7162ee1df9b62276edf13cecaebb6ae58b323c
                                                                                  • Opcode Fuzzy Hash: fc1bd1ad65b0da624c3528ab2a22dfa4ec1a3314c06d7b0d3c29528f3628479f
                                                                                  • Instruction Fuzzy Hash: 0612C830614646DBDB25CF6CC488BBABBF1FF89314F118859E5968B641D734F980CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8C4496, Relevance: 45.9, APIs: 18, Strings: 8, Instructions: 417memorynativeCOMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 55%
                                                                                  			E6D8C4496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E6D8C49A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0x6d8f6378 = _t267;
						asm("int3");
						 *0x6d8f6378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E6D83174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E6D80B150();
							} else {
								E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E6D80B150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E6D80B150();
							} else {
								E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E6D80B150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0x6d8f6350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E6D849660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E6D83174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E6D80B150();
										} else {
											E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_push( *((intOrPtr*)(_t330 + 8)));
										_push(_t330 + 0x10);
										E6D80B150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E6D80B150();
									} else {
										E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E6D80B150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E6D80B150();
								} else {
									E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E6D80B150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E6D80B150();
							} else {
								E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E6D8C4AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E6D8BFA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E6D8B23E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}



























































                                                                                  0x6d8c44a1
                                                                                  0x6d8c44a3
                                                                                  0x6d8c44a7
                                                                                  0x6d8c44ac
                                                                                  0x6d8c44af
                                                                                  0x6d8c44b2
                                                                                  0x6d8c44b9
                                                                                  0x6d8c44bc
                                                                                  0x6d8c47f2
                                                                                  0x6d8c47f2
                                                                                  0x6d8c47f8
                                                                                  0x6d8c47fc
                                                                                  0x6d8c47fe
                                                                                  0x6d8c4804
                                                                                  0x6d8c4805
                                                                                  0x6d8c4805
                                                                                  0x6d8c480c
                                                                                  0x6d8c4810
                                                                                  0x6d8c4812
                                                                                  0x6d8c4812
                                                                                  0x6d8c4812
                                                                                  0x6d8c4822
                                                                                  0x6d8c4822
                                                                                  0x6d8c4827
                                                                                  0x6d8c4827
                                                                                  0x00000000
                                                                                  0x6d8c4827
                                                                                  0x6d8c44c4
                                                                                  0x6d8c44d3
                                                                                  0x6d8c44d9
                                                                                  0x6d8c44dc
                                                                                  0x6d8c44de
                                                                                  0x6d8c44e0
                                                                                  0x6d8c4560
                                                                                  0x6d8c4520
                                                                                  0x6d8c4522
                                                                                  0x6d8c4525
                                                                                  0x6d8c4528
                                                                                  0x6d8c452b
                                                                                  0x6d8c452e
                                                                                  0x6d8c4530
                                                                                  0x6d8c4697
                                                                                  0x6d8c469d
                                                                                  0x6d8c46a1
                                                                                  0x6d8c46c0
                                                                                  0x6d8c46c5
                                                                                  0x6d8c46a3
                                                                                  0x6d8c46b8
                                                                                  0x6d8c46bd
                                                                                  0x6d8c46cb
                                                                                  0x6d8c46d4
                                                                                  0x6d8c4677
                                                                                  0x6d8c4677
                                                                                  0x6d8c4679
                                                                                  0x6d8c467c
                                                                                  0x6d8c468a
                                                                                  0x6d8c4690
                                                                                  0x6d8c4690
                                                                                  0x6d8c47f1
                                                                                  0x6d8c47f1
                                                                                  0x6d8c47f1
                                                                                  0x00000000
                                                                                  0x6d8c47f1
                                                                                  0x6d8c4536
                                                                                  0x6d8c4539
                                                                                  0x6d8c453c
                                                                                  0x6d8c4636
                                                                                  0x6d8c463c
                                                                                  0x6d8c4640
                                                                                  0x6d8c465f
                                                                                  0x6d8c4664
                                                                                  0x6d8c4642
                                                                                  0x6d8c4657
                                                                                  0x6d8c465c
                                                                                  0x6d8c4670
                                                                                  0x00000000
                                                                                  0x6d8c4542
                                                                                  0x6d8c4542
                                                                                  0x6d8c4546
                                                                                  0x6d8c4548
                                                                                  0x6d8c454b
                                                                                  0x6d8c4555
                                                                                  0x6d8c455b
                                                                                  0x6d8c455b
                                                                                  0x6d8c455b
                                                                                  0x6d8c455d
                                                                                  0x6d8c455d
                                                                                  0x6d8c455d
                                                                                  0x00000000
                                                                                  0x6d8c455d
                                                                                  0x6d8c453c
                                                                                  0x6d8c4579
                                                                                  0x6d8c457c
                                                                                  0x6d8c4587
                                                                                  0x6d8c4589
                                                                                  0x6d8c4591
                                                                                  0x6d8c4592
                                                                                  0x6d8c4597
                                                                                  0x6d8c4598
                                                                                  0x6d8c45a1
                                                                                  0x6d8c45ab
                                                                                  0x6d8c45ab
                                                                                  0x6d8c45a1
                                                                                  0x6d8c45ae
                                                                                  0x6d8c45b4
                                                                                  0x6d8c45b9
                                                                                  0x6d8c45bd
                                                                                  0x6d8c4759
                                                                                  0x6d8c4759
                                                                                  0x6d8c475f
                                                                                  0x6d8c4761
                                                                                  0x6d8c4763
                                                                                  0x6d8c4765
                                                                                  0x6d8c4768
                                                                                  0x6d8c476b
                                                                                  0x6d8c476d
                                                                                  0x6d8c479c
                                                                                  0x6d8c479c
                                                                                  0x6d8c479f
                                                                                  0x6d8c47a2
                                                                                  0x6d8c47a4
                                                                                  0x6d8c4830
                                                                                  0x6d8c4833
                                                                                  0x6d8c4879
                                                                                  0x6d8c487d
                                                                                  0x6d8c48f1
                                                                                  0x6d8c48f3
                                                                                  0x6d8c48f3
                                                                                  0x00000000
                                                                                  0x6d8c48f3
                                                                                  0x6d8c487f
                                                                                  0x6d8c4885
                                                                                  0x6d8c4887
                                                                                  0x6d8c48a8
                                                                                  0x6d8c48a8
                                                                                  0x6d8c48ae
                                                                                  0x6d8c48b0
                                                                                  0x6d8c48dc
                                                                                  0x6d8c48dc
                                                                                  0x6d8c48dc
                                                                                  0x6d8c48dc
                                                                                  0x6d8c48ec
                                                                                  0x00000000
                                                                                  0x6d8c48ec
                                                                                  0x6d8c48b2
                                                                                  0x6d8c48bc
                                                                                  0x6d8c48be
                                                                                  0x6d8c48c1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c48c3
                                                                                  0x6d8c48c3
                                                                                  0x6d8c48c6
                                                                                  0x6d8c48c9
                                                                                  0x6d8c48cc
                                                                                  0x6d8c48d1
                                                                                  0x6d8c48d4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c48d6
                                                                                  0x6d8c48d7
                                                                                  0x6d8c48da
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c48da
                                                                                  0x6d8c494f
                                                                                  0x6d8c4955
                                                                                  0x6d8c4959
                                                                                  0x6d8c4978
                                                                                  0x6d8c497d
                                                                                  0x6d8c495b
                                                                                  0x6d8c4970
                                                                                  0x6d8c4975
                                                                                  0x6d8c4986
                                                                                  0x6d8c4987
                                                                                  0x6d8c498d
                                                                                  0x6d8c4990
                                                                                  0x6d8c4997
                                                                                  0x6d8c47ef
                                                                                  0x6d8c47ef
                                                                                  0x6d8c47ef
                                                                                  0x00000000
                                                                                  0x6d8c47ef
                                                                                  0x6d8c4890
                                                                                  0x6d8c4890
                                                                                  0x6d8c4891
                                                                                  0x6d8c4891
                                                                                  0x6d8c4894
                                                                                  0x6d8c4897
                                                                                  0x6d8c489d
                                                                                  0x6d8c48a0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c48a2
                                                                                  0x6d8c48a3
                                                                                  0x6d8c48a6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c48a6
                                                                                  0x6d8c48fb
                                                                                  0x6d8c4901
                                                                                  0x6d8c4905
                                                                                  0x6d8c4924
                                                                                  0x6d8c4929
                                                                                  0x6d8c4907
                                                                                  0x6d8c491c
                                                                                  0x6d8c4921
                                                                                  0x6d8c492f
                                                                                  0x6d8c4935
                                                                                  0x6d8c4936
                                                                                  0x6d8c4939
                                                                                  0x6d8c4942
                                                                                  0x00000000
                                                                                  0x6d8c4947
                                                                                  0x6d8c4835
                                                                                  0x6d8c483b
                                                                                  0x6d8c483f
                                                                                  0x6d8c485e
                                                                                  0x6d8c4863
                                                                                  0x6d8c4841
                                                                                  0x6d8c4856
                                                                                  0x6d8c485b
                                                                                  0x6d8c4869
                                                                                  0x6d8c486c
                                                                                  0x6d8c486f
                                                                                  0x6d8c47e7
                                                                                  0x6d8c47e7
                                                                                  0x00000000
                                                                                  0x6d8c47ec
                                                                                  0x6d8c47aa
                                                                                  0x6d8c47b0
                                                                                  0x6d8c47b4
                                                                                  0x6d8c47d3
                                                                                  0x6d8c47d8
                                                                                  0x6d8c47b6
                                                                                  0x6d8c47cb
                                                                                  0x6d8c47d0
                                                                                  0x6d8c47de
                                                                                  0x6d8c47df
                                                                                  0x6d8c47e2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c476f
                                                                                  0x6d8c476f
                                                                                  0x6d8c4778
                                                                                  0x6d8c4785
                                                                                  0x6d8c4787
                                                                                  0x6d8c478c
                                                                                  0x6d8c478e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4790
                                                                                  0x6d8c4792
                                                                                  0x6d8c4794
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4796
                                                                                  0x6d8c4799
                                                                                  0x00000000
                                                                                  0x6d8c4799
                                                                                  0x00000000
                                                                                  0x6d8c45c3
                                                                                  0x6d8c45c3
                                                                                  0x6d8c45c7
                                                                                  0x6d8c45c7
                                                                                  0x6d8c45ca
                                                                                  0x6d8c45cf
                                                                                  0x6d8c45d3
                                                                                  0x6d8c45df
                                                                                  0x6d8c45e4
                                                                                  0x6d8c45e6
                                                                                  0x6d8c45e8
                                                                                  0x6d8c45ed
                                                                                  0x6d8c45ed
                                                                                  0x6d8c45f2
                                                                                  0x6d8c45f2
                                                                                  0x6d8c45f7
                                                                                  0x6d8c45fc
                                                                                  0x6d8c4602
                                                                                  0x6d8c4606
                                                                                  0x6d8c4609
                                                                                  0x6d8c460f
                                                                                  0x6d8c46de
                                                                                  0x6d8c46e3
                                                                                  0x6d8c46e5
                                                                                  0x6d8c46ec
                                                                                  0x6d8c46ee
                                                                                  0x6d8c46f6
                                                                                  0x6d8c46f6
                                                                                  0x6d8c46f6
                                                                                  0x6d8c46f6
                                                                                  0x6d8c46ec
                                                                                  0x6d8c4615
                                                                                  0x6d8c4615
                                                                                  0x6d8c461d
                                                                                  0x6d8c462e
                                                                                  0x6d8c462e
                                                                                  0x6d8c461d
                                                                                  0x6d8c460f
                                                                                  0x6d8c4609
                                                                                  0x6d8c46fd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8c4710
                                                                                  0x6d8c471a
                                                                                  0x6d8c4720
                                                                                  0x6d8c4720
                                                                                  0x6d8c4722
                                                                                  0x6d8c472c
                                                                                  0x00000000
                                                                                  0x6d8c472e
                                                                                  0x6d8c472e
                                                                                  0x00000000
                                                                                  0x6d8c472e
                                                                                  0x6d8c472c
                                                                                  0x6d8c4738
                                                                                  0x6d8c473c
                                                                                  0x6d8c474b
                                                                                  0x6d8c4751
                                                                                  0x6d8c4751
                                                                                  0x00000000
                                                                                  0x6d8c473c
                                                                                  0x6d8c48f4
                                                                                  0x6d8c48f4
                                                                                  0x00000000
                                                                                  0x6d8c48f4

                                                                                  APIs
                                                                                    • Part of subcall function 6D8C49A4: ZwAllocateVirtualMemory.BCCB(000000FF,?,00000000,?,00001000,00000004,00000000,?,00000000,?,?,6D8C44B7,?), ref: 6D8C49DF
                                                                                    • Part of subcall function 6D8C49A4: RtlCompareMemory.BCCB(?,01000000,?,00000000,?,00000000,?,?,6D8C44B7,?), ref: 6D8C49FE
                                                                                    • Part of subcall function 6D8C49A4: DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?), ref: 6D8C4A42
                                                                                    • Part of subcall function 6D8C49A4: DbgPrint.BCCB(Heap %p - headers modified (%p is %lx instead of %lx),?,HEAP: ,HEAP: ,00000000,?), ref: 6D8C4A66
                                                                                  • ZwAllocateVirtualMemory.BCCB(000000FF,?,00000000,?,00001000,00000004), ref: 6D8C459A
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20,0000001C), ref: 6D8C4657
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20,0000001C,6D85F07A), ref: 6D8C4664
                                                                                  • DbgPrint.BCCB(Non-Dedicated free list element %p is out of order,-00000008,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20,0000001C), ref: 6D8C4670
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20,0000001C), ref: 6D8C46B8
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20,0000001C,6D85F07A), ref: 6D8C46C5
                                                                                  • DbgPrint.BCCB(dedicated (%04Ix) free list element %p is marked busy,00000000,-00000008,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20), ref: 6D8C46D4
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20,0000001C), ref: 6D8C47CB
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20,0000001C,6D85F07A), ref: 6D8C47D8
                                                                                  • DbgPrint.BCCB(Total size of free blocks in arena (%Id) does not match number total in heap header (%Id),?,?,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20), ref: 6D8C47E7
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20,0000001C), ref: 6D8C4856
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20,0000001C,6D85F07A), ref: 6D8C4863
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20,0000001C), ref: 6D8C491C
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20,0000001C,6D85F07A), ref: 6D8C4929
                                                                                  • DbgPrint.BCCB(Pseudo Tag %04x size incorrect (%Ix != %Ix) %p,?,00000000,00000000,00000000), ref: 6D8C4942
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20,0000001C), ref: 6D8C4970
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20,0000001C,6D85F07A), ref: 6D8C497D
                                                                                  • DbgPrint.BCCB(Tag %04x (%ws) size incorrect (%Ix != %Ix) %p,?,?,00000000,?,?), ref: 6D8C4997
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$Memory$AllocateVirtual$Compare
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                  • API String ID: 1841224210-1357697941
                                                                                  • Opcode ID: 3f6a10b891ce1d1673a8d08fe12b4877985469f02417df8d31775f3c37b964e4
                                                                                  • Instruction ID: 5f97e591d8c008e3d44f58a5dd6011389f138b0b4d8e4ea28e703966340d894f
                                                                                  • Opcode Fuzzy Hash: 3f6a10b891ce1d1673a8d08fe12b4877985469f02417df8d31775f3c37b964e4
                                                                                  • Instruction Fuzzy Hash: EBF1CC31A1464ADFDB11CF6DC488BBAB7B5FF89314F118829E15697241C730FA85CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D832F70, Relevance: 41.1, APIs: 27, Instructions: 610memorythreadCOMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 92%
                                                                                  			E6D832F70(void* _a4, void* _a8, signed int _a12, void* _a16, intOrPtr _a20) {
				long _v8;
				signed int _v12;
				char _v20;
				void* _v29;
				char _v30;
				void* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				long _v56;
				void* _v60;
				void* _v64;
				long _v68;
				char _v72;
				void* _v76;
				void* _v80;
				void* _v84;
				signed short _v88;
				signed int _v92;
				signed short _v96;
				signed int _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				void* __ebx;
				void* __ebp;
				signed int _t223;
				long _t226;
				signed int _t227;
				intOrPtr _t229;
				void* _t233;
				void* _t244;
				short* _t247;
				void* _t248;
				short* _t251;
				void* _t252;
				void _t253;
				signed int _t262;
				signed int _t266;
				signed short* _t267;
				signed int _t268;
				void* _t269;
				void* _t279;
				void* _t281;
				void _t299;
				signed int _t315;
				signed int _t325;
				void* _t328;
				void* _t329;
				void* _t330;
				signed int _t333;
				void* _t336;
				void* _t337;
				void* _t343;
				void* _t348;
				void* _t349;
				void* _t350;
				void* _t351;
				void* _t352;
				intOrPtr _t353;
				void* _t355;
				void* _t360;
				signed int _t365;
				signed int _t366;
				short* _t369;
				void* _t370;
				void* _t376;
				void* _t377;
				void* _t378;
				void* _t379;
				void* _t380;
				signed short _t381;
				signed short _t382;
				signed int _t389;
				void* _t390;
				void* _t392;
				void* _t393;
				void* _t395;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				intOrPtr _t403;
				void* _t406;
				short* _t407;
				void* _t408;
				short* _t409;
				void* _t412;
				int _t413;
				void* _t414;
				void* _t415;
				short* _t416;
				signed int _t419;
				int _t421;
				int _t422;
				signed int _t423;
				int _t424;
				int _t425;
				signed int _t427;
				void* _t428;
				intOrPtr _t429;
				int _t430;
				void* _t433;
				short* _t434;
				int _t436;
				int _t437;
				signed int _t438;
				signed int _t441;
				void* _t442;
				void* _t443;
				void* _t445;

				_push(0xfffffffe);
				_push(0x6d8dff28);
				_push(0x6d8517f0);
				_push( *[fs:0x0]);
				_t443 = _t442 - 0x5c;
				_t223 =  *0x6d8fd360;
				_v12 = _v12 ^ _t223;
				_push(_t223 ^ _t441);
				 *[fs:0x0] =  &_v20;
				_v52 = 0;
				_v68 = 0;
				_v29 = 0;
				_v30 = 0;
				_t419 = _a12;
				if(_t419 == 0) {
					L100:
					_t226 = 0xc000000d;
					L65:
					 *[fs:0x0] = _v20;
					return _t226;
				}
				_t348 = _a8;
				if( *_t348 == 0) {
					goto L100;
				} else {
					_t227 = 1;
					while(_t227 < _t419) {
						_t389 =  *(_t348 + _t227 * 2) & 0x0000ffff;
						if(_t389 == 0 || _t389 == 0x3d) {
							goto L100;
						} else {
							_t227 = _t227 + 1;
							_t348 = _a8;
							continue;
						}
					}
					_t349 = _a16;
					__eflags = _t349;
					if(_t349 == 0) {
						L12:
						_t229 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						_t336 =  *((intOrPtr*)(_t229 + 0x10));
						_v44 = _t336;
						_v108 = _t336;
						_v56 = 0;
						_v72 = 0;
						_t350 = _a4;
						__eflags = _t350;
						if(_t350 != 0) {
							_t351 =  *_t350;
							_v36 = _t351;
							__eflags =  *(_t336 + 0x48) - _t351;
							if( *(_t336 + 0x48) != _t351) {
								L14:
								_v8 = 0;
								_t406 = _t351;
								_v40 = _t406;
								_t337 = 0;
								_v48 = 0;
								__eflags = _t351;
								if(_t351 == 0) {
									L60:
									_t230 = _v72;
									__eflags = _t230;
									if(_t230 != 0) {
										_t406 = _t230;
										_v40 = _t406;
									}
									__eflags = _t337;
									if(_t337 == 0) {
										__eflags = _a16;
										if(_a16 == 0) {
											goto L62;
										}
										__eflags = _t406;
										if(_t406 == 0) {
											_t353 = _a20;
											_t233 = 6 + (_t419 + _t353) * 2;
											_t390 = 0;
											L74:
											_v80 = _t233;
											__eflags = _t233 - _t390;
											if(_t233 < _t390) {
												_t162 = _t353 + 2; // 0x2
												memmove(_t406 + (_t162 + _t419) * 2, _t406, _t337 - _t406 & 0xfffffffe);
												_t421 = _t419 + _t419;
												memcpy(_t406, _a8, _t421);
												_t445 = _t443 + 0x18;
												_t338 = _v29;
												__eflags = _v29;
												if(_v29 != 0) {
													memset(0x6d8f8220, 0, 0x234);
													_t445 = _t445 + 0xc;
												}
												_t407 = _t406 + _t421;
												_v40 = _t407;
												 *_t407 = 0x3d;
												_t408 = _t407 + 2;
												_v40 = _t408;
												_t422 = _a20 + _a20;
												memcpy(_t408, _a16, _t422);
												_t409 = _t408 + _t422;
												_v40 = _t409;
												_t230 = 0;
												 *_t409 = 0;
												_v40 = _t409 + 2;
												__eflags = _a4;
												if(_a4 != 0) {
													goto L63;
												} else {
													_t352 = _v44;
													 *((intOrPtr*)(_t352 + 0x48)) = _v36;
													_t230 = _v80;
													 *((intOrPtr*)(_t352 + 0x290)) = _v80;
													 *((intOrPtr*)(_t352 + 0x294)) =  *((intOrPtr*)(_t352 + 0x294)) + 1;
													goto L64;
												}
											}
											_t355 = E6D8336CC(_t233);
											_v76 = _t355;
											__eflags = _t355;
											if(_t355 == 0) {
												L106:
												_v56 = 0xc000009a;
												goto L62;
											}
											__eflags = _t406;
											if(_t406 == 0) {
												_t423 = 0;
											} else {
												_t392 = _v36;
												_t427 = _t406 - _t392;
												__eflags = _t427;
												_t423 = _t427 >> 1;
												memcpy(_t355, _t392, _t423 + _t423);
												_t443 = _t443 + 0xc;
												_t355 = _v76;
											}
											_t244 = _t355 + _t423 * 2;
											_v64 = _t244;
											_t424 = _a12 + _a12;
											memcpy(_t244, _a8, _t424);
											_t247 = _v64 + _t424;
											 *_t247 = 0x3d;
											_t248 = _t247 + 2;
											_v64 = _t248;
											_t425 = _a20 + _a20;
											memcpy(_t248, _a16, _t425);
											_t251 = _v64 + _t425;
											 *_t251 = 0;
											_t252 = _t251 + 2;
											__eflags = _t406;
											if(_t406 == 0) {
												 *_t252 = 0;
												_t338 = _v29;
											} else {
												memcpy(_t252, _t406, _t337 - _t406 & 0xfffffffe);
												_t338 = _v29;
												__eflags = _v29;
												if(_v29 != 0) {
													memset(0x6d8f8220, 0, 0x234);
												}
											}
											_t360 = _a4;
											_t253 = _v76;
											__eflags = _t360;
											if(_t360 != 0) {
												 *_t360 = _t253;
											} else {
												_t360 = _v44;
												 *(_t360 + 0x48) = _t253;
												 *((intOrPtr*)(_t360 + 0x290)) = _v80;
												_t146 = _t360 + 0x294;
												 *_t146 =  *(_t360 + 0x294) + 1;
												__eflags =  *_t146;
											}
											__eflags = _v30;
											if(_v30 != 0) {
												E6D81EB70(_t360,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
												_v30 = 0;
											}
											_t230 = RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v36);
											goto L63;
										}
										_v48 = _t406;
										while(1) {
											L69:
											_t262 =  *_t406 & 0x0000ffff;
											__eflags = _t262;
											if(_t262 == 0) {
												break;
											}
											while(1) {
												_t406 = _t406 + 2;
												_v48 = _t406;
												__eflags = _t262;
												if(_t262 == 0) {
													goto L69;
												}
												_t262 =  *_t406 & 0x0000ffff;
											}
										}
										_v48 = _t406 + 2;
										_t390 = E6D8335D0(_t351,  *( *[fs:0x30] + 0x18), 0, _t351);
										_t337 = _v48;
										_t365 = (_t337 - _v36 >> 1) + _t419 + _a20;
										__eflags = _t365;
										_t233 = 4 + _t365 * 2;
										_t406 = _v40;
										_t353 = _a20;
										goto L74;
									} else {
										L62:
										_t338 = _v29;
										L63:
										_t352 = _v44;
										L64:
										_v8 = 0xfffffffe;
										E6D8335A1(_t230, _t338, _t352);
										_t226 = _v56;
										goto L65;
									}
								}
								_v64 = _v68;
								while(1) {
									L16:
									__eflags =  *_t406 - _t337;
									if( *_t406 == _t337) {
										break;
									}
									_t428 = _t406;
									_v76 = _t428;
									_t366 = 0;
									__eflags = 0;
									_v80 = 0;
									while(1) {
										_t406 = _t406 + 2;
										_v40 = _t406;
										_t266 =  *_t406 & 0x0000ffff;
										__eflags = _t266;
										if(_t266 == 0) {
											break;
										}
										__eflags = _t266 - 0x3d;
										if(_t266 != 0x3d) {
											continue;
										}
										_t366 = _t406 - _t428 >> 1;
										_v80 = _t366;
										_t406 = _t406 + 2;
										__eflags = _t406;
										_v40 = _t406;
										_t328 = _t406;
										_v52 = _t328;
										while(1) {
											__eflags =  *_t406 - _t337;
											if( *_t406 == _t337) {
												break;
											}
											_t406 = _t406 + 2;
											_v40 = _t406;
										}
										_t399 = _t406 - _t328;
										__eflags = _t399;
										_t400 = _t399 >> 1;
										_v64 = _t400;
										_v68 = _t400;
										break;
									}
									_t406 = _t406 + 2;
									_v40 = _t406;
									_t393 = _a8;
									_t267 = _t393;
									_v60 = _t393;
									_v84 = _t428;
									__eflags = _a12 - _t366;
									if(_a12 <= _t366) {
										_t366 = _a12;
									}
									_t367 = _t393 + _t366 * 2;
									_v104 = _t367;
									while(1) {
										__eflags = _t267 - _t367;
										if(_t267 >= _t367) {
											break;
										}
										_t381 =  *_t267 & 0x0000ffff;
										_v88 = _t381;
										_t401 = _t381 & 0x0000ffff;
										_v92 = _t401;
										_t382 =  *_t428 & 0x0000ffff;
										_v96 = _t382;
										_t438 = _t382 & 0x0000ffff;
										_v100 = _t438;
										__eflags = _t401 - _t438;
										if(_t401 == _t438) {
											L37:
											_t267 =  &(_t267[1]);
											_v60 = _t267;
											_t428 = _v84 + 2;
											_v84 = _t428;
											_t367 = _v104;
											continue;
										}
										_t367 =  *0x6d8f6d5c;
										__eflags = _t401 - 0x61;
										if(_t401 >= 0x61) {
											__eflags = _t401 - 0x7a;
											if(_t401 > 0x7a) {
												_t315 = ( *( *0x6d8f6d5c + (( *(_t367 + (_t401 >> 8) * 2) & 0x0000ffff) + (_t401 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t401 & 0x0000000f);
												_t367 =  *0x6d8f6d5c;
												_t401 =  *((intOrPtr*)(_t367 + _t315 * 2)) + _v88 & 0x0000ffff;
												_t267 = _v60;
											} else {
												_t401 = _t401 + 0xffffffe0;
											}
										}
										_v92 = _t401;
										__eflags = _t438 - 0x61;
										if(_t438 >= 0x61) {
											__eflags = _t438 - 0x7a;
											if(_t438 > 0x7a) {
												_t325 = ( *( *0x6d8f6d5c + (( *(_t367 + (_t438 >> 8) * 2) & 0x0000ffff) + (_t438 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t438 & 0x0000000f);
												_t367 =  *0x6d8f6d5c;
												_t438 =  *((intOrPtr*)( *0x6d8f6d5c + _t325 * 2)) + _v96 & 0x0000ffff;
												_t267 = _v60;
											} else {
												_t438 = _t438 + 0xffffffe0;
											}
										}
										_v100 = _t438;
										__eflags = _t401 - _t438;
										if(_t401 == _t438) {
											goto L37;
										} else {
											_t395 = _t401 - _t438;
											__eflags = _t395;
											L32:
											__eflags = _t395;
											if(__eflags == 0) {
												_t343 = _t406;
												_v48 = _t343;
												while(1) {
													L44:
													_t268 =  *_t343 & 0x0000ffff;
													__eflags = _t268;
													if(_t268 == 0) {
														break;
													}
													while(1) {
														_t343 = _t343 + 2;
														_v48 = _t343;
														__eflags = _t268;
														if(_t268 == 0) {
															goto L44;
														}
														_t268 =  *_t343 & 0x0000ffff;
													}
												}
												_t337 = _t343 + 2;
												_v48 = _t337;
												_t269 = _a16;
												__eflags = _t269;
												if(_t269 == 0) {
													_push(_t337 - _t406 & 0xfffffffe);
													_push(_t406);
													_push(_v76);
													L89:
													memmove();
													_t443 = _t443 + 0xc;
													L90:
													__eflags = _v29;
													if(_v29 != 0) {
														memset(0x6d8f8220, 0, 0x234);
														_t443 = _t443 + 0xc;
													}
													goto L59;
												}
												_t429 = _a20;
												__eflags = _t429 - _v64;
												if(_t429 <= _v64) {
													_t430 = _t429 + _t429;
													memcpy(_v52, _t269, _t430);
													_t443 = _t443 + 0xc;
													_t369 = _v52 + _t430;
													 *_t369 = 0;
													_t370 = _t369 + 2;
													__eflags = _a20 - _v64;
													if(_a20 == _v64) {
														goto L90;
													}
													_t279 = _t337 - _t406 & 0xfffffffe;
													__eflags = _t279;
													_push(_t279);
													_push(_t406);
													_push(_t370);
													goto L89;
												}
												_t412 = _v36;
												_t281 = E6D8335D0(_t367,  *( *[fs:0x30] + 0x18), 0, _t412);
												_t337 = _v48;
												_t376 = (_t337 - _t412 >> 1) - _v68 + _t429 + (_t337 - _t412 >> 1) - _v68 + _t429;
												_v76 = _t376;
												__eflags = _t376 - _t281;
												if(_t376 < _t281) {
													_t413 = _t429 + _t429;
													_t433 = _v52 + 2 + _t413;
													_t377 = _v40;
													_v80 = _t377;
													memmove(_t433, _t377, _t337 - _t377 & 0xfffffffe);
													_t434 = _t433 - 2;
													 *_t434 = 0;
													memcpy(_t434 - _t413, _a16, _t413);
													_t443 = _t443 + 0x18;
													__eflags = _a4;
													if(_a4 == 0) {
														_t378 = _v44;
														 *((intOrPtr*)(_t378 + 0x48)) = _v36;
														 *((intOrPtr*)(_t378 + 0x290)) = _v76;
														_t213 = _t378 + 0x294;
														 *_t213 =  *(_t378 + 0x294) + 1;
														__eflags =  *_t213;
													}
													__eflags = _v29;
													if(_v29 != 0) {
														memset(0x6d8f8220, 0, 0x234);
														_t443 = _t443 + 0xc;
													}
													_t406 = _v80;
													goto L59;
												}
												_t414 = E6D8336CC(_t376);
												_v80 = _t414;
												__eflags = _t414;
												if(_t414 == 0) {
													goto L106;
												}
												_t379 = _v36;
												_t436 = (_v52 - _t379 >> 1) + (_v52 - _t379 >> 1);
												memcpy(_t414, _t379, _t436);
												_t415 = _t414 + _t436;
												_t437 = _a20 + _a20;
												memcpy(_t415, _a16, _t437);
												_t416 = _t415 + _t437;
												 *_t416 = 0;
												memcpy(_t416 + 2, _v40, _t337 - _v40 & 0xfffffffe);
												_t443 = _t443 + 0x24;
												_t380 = _a4;
												_t299 = _v80;
												__eflags = _t380;
												if(_t380 != 0) {
													 *_t380 = _t299;
												} else {
													_t380 = _v44;
													 *(_t380 + 0x48) = _t299;
													 *((intOrPtr*)(_t380 + 0x290)) = _v76;
													_t92 = _t380 + 0x294;
													 *_t92 =  *(_t380 + 0x294) + 1;
													__eflags =  *_t92;
												}
												__eflags = _v29;
												if(_v29 != 0) {
													memset(0x6d8f8220, 0, 0x234);
													_t443 = _t443 + 0xc;
												}
												__eflags = _v30;
												if(_v30 != 0) {
													E6D81EB70(_t380,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
													_v30 = 0;
												}
												RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v36);
												_t406 = _v40;
												_t337 = _v48;
												goto L59;
											}
											if(__eflags < 0) {
												__eflags = _v72 - _t337;
												if(_v72 == _t337) {
													_v72 = _v76;
												}
											}
											goto L16;
										}
									}
									_t395 = _a12 - _v80;
									goto L32;
								}
								L59:
								_t351 = _v36;
								_t419 = _a12;
								goto L60;
							}
							_t329 =  *(_t229 + 0x1c);
							__eflags = _t329;
							if(_t329 == 0) {
								L103:
								_v29 = 1;
								goto L14;
							} else {
								_t330 = E6D816600(_t329);
								_t351 = _v36;
								__eflags = _t330;
								if(_t330 == 0) {
									goto L14;
								}
								goto L103;
							}
						}
						_v30 = 1;
						_v29 = 1;
						L6D81EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
						_t351 =  *(_t336 + 0x48);
						_v36 = _t351;
						goto L14;
					} else {
						_t333 = 0;
						__eflags = 0;
						_t403 = _a20;
						while(1) {
							__eflags = _t333 - _t403;
							if(_t333 >= _t403) {
								goto L12;
							}
							__eflags =  *((short*)(_t349 + _t333 * 2));
							if( *((short*)(_t349 + _t333 * 2)) == 0) {
								goto L100;
							} else {
								_t333 = _t333 + 1;
								continue;
							}
						}
						goto L12;
					}
				}
			}

















































































































                                                                                  0x6d832f75
                                                                                  0x6d832f77
                                                                                  0x6d832f7c
                                                                                  0x6d832f87
                                                                                  0x6d832f88
                                                                                  0x6d832f8e
                                                                                  0x6d832f93
                                                                                  0x6d832f98
                                                                                  0x6d832f9c
                                                                                  0x6d832fa2
                                                                                  0x6d832fa9
                                                                                  0x6d832fb0
                                                                                  0x6d832fb4
                                                                                  0x6d832fb8
                                                                                  0x6d832fbd
                                                                                  0x6d875e6d
                                                                                  0x6d875e6d
                                                                                  0x6d8332f1
                                                                                  0x6d8332f4
                                                                                  0x6d833302
                                                                                  0x6d833302
                                                                                  0x6d832fc3
                                                                                  0x6d832fca
                                                                                  0x00000000
                                                                                  0x6d832fd0
                                                                                  0x6d832fd0
                                                                                  0x6d832fd5
                                                                                  0x6d832fd9
                                                                                  0x6d832fe0
                                                                                  0x00000000
                                                                                  0x6d832fef
                                                                                  0x6d832fef
                                                                                  0x6d832ff0
                                                                                  0x00000000
                                                                                  0x6d832ff0
                                                                                  0x6d832fe0
                                                                                  0x6d832ff5
                                                                                  0x6d832ff8
                                                                                  0x6d832ffa
                                                                                  0x6d833013
                                                                                  0x6d833019
                                                                                  0x6d83301c
                                                                                  0x6d83301f
                                                                                  0x6d833022
                                                                                  0x6d833025
                                                                                  0x6d83302c
                                                                                  0x6d833033
                                                                                  0x6d833036
                                                                                  0x6d833038
                                                                                  0x6d8334db
                                                                                  0x6d8334dd
                                                                                  0x6d8334e0
                                                                                  0x6d8334e3
                                                                                  0x6d83305a
                                                                                  0x6d83305a
                                                                                  0x6d833061
                                                                                  0x6d833063
                                                                                  0x6d833066
                                                                                  0x6d833068
                                                                                  0x6d83306b
                                                                                  0x6d83306d
                                                                                  0x6d8332cd
                                                                                  0x6d8332cd
                                                                                  0x6d8332d0
                                                                                  0x6d8332d2
                                                                                  0x6d833478
                                                                                  0x6d83347a
                                                                                  0x6d83347a
                                                                                  0x6d8332d8
                                                                                  0x6d8332da
                                                                                  0x6d833305
                                                                                  0x6d833309
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d83330b
                                                                                  0x6d83330d
                                                                                  0x6d875f99
                                                                                  0x6d875f9f
                                                                                  0x6d875fa6
                                                                                  0x6d833365
                                                                                  0x6d833365
                                                                                  0x6d833368
                                                                                  0x6d83336a
                                                                                  0x6d833503
                                                                                  0x6d833513
                                                                                  0x6d83351b
                                                                                  0x6d833522
                                                                                  0x6d833527
                                                                                  0x6d83352a
                                                                                  0x6d83352d
                                                                                  0x6d83352f
                                                                                  0x6d83353d
                                                                                  0x6d833542
                                                                                  0x6d833542
                                                                                  0x6d833545
                                                                                  0x6d833547
                                                                                  0x6d83354f
                                                                                  0x6d833552
                                                                                  0x6d833555
                                                                                  0x6d83355b
                                                                                  0x6d833563
                                                                                  0x6d83356b
                                                                                  0x6d83356d
                                                                                  0x6d833570
                                                                                  0x6d833572
                                                                                  0x6d833578
                                                                                  0x6d83357b
                                                                                  0x6d83357e
                                                                                  0x00000000
                                                                                  0x6d833584
                                                                                  0x6d833584
                                                                                  0x6d83358a
                                                                                  0x6d83358d
                                                                                  0x6d833590
                                                                                  0x6d833596
                                                                                  0x00000000
                                                                                  0x6d833596
                                                                                  0x6d83357e
                                                                                  0x6d833377
                                                                                  0x6d833379
                                                                                  0x6d83337c
                                                                                  0x6d83337e
                                                                                  0x6d875f0c
                                                                                  0x6d875f0c
                                                                                  0x00000000
                                                                                  0x6d875f0c
                                                                                  0x6d833384
                                                                                  0x6d833386
                                                                                  0x6d875fad
                                                                                  0x6d83338c
                                                                                  0x6d83338e
                                                                                  0x6d833391
                                                                                  0x6d833391
                                                                                  0x6d833393
                                                                                  0x6d83339b
                                                                                  0x6d8333a0
                                                                                  0x6d8333a3
                                                                                  0x6d8333a3
                                                                                  0x6d8333a6
                                                                                  0x6d8333a9
                                                                                  0x6d8333af
                                                                                  0x6d8333b7
                                                                                  0x6d8333c2
                                                                                  0x6d8333c9
                                                                                  0x6d8333cc
                                                                                  0x6d8333cf
                                                                                  0x6d8333d5
                                                                                  0x6d8333dd
                                                                                  0x6d8333e8
                                                                                  0x6d8333ec
                                                                                  0x6d8333ef
                                                                                  0x6d8333f2
                                                                                  0x6d8333f4
                                                                                  0x6d875fb6
                                                                                  0x6d875fb9
                                                                                  0x6d8333fa
                                                                                  0x6d833402
                                                                                  0x6d83340a
                                                                                  0x6d83340d
                                                                                  0x6d83340f
                                                                                  0x6d83341d
                                                                                  0x6d833422
                                                                                  0x6d83340f
                                                                                  0x6d833425
                                                                                  0x6d833428
                                                                                  0x6d83342b
                                                                                  0x6d83342d
                                                                                  0x6d8334ee
                                                                                  0x6d833433
                                                                                  0x6d833433
                                                                                  0x6d833436
                                                                                  0x6d83343c
                                                                                  0x6d833442
                                                                                  0x6d833442
                                                                                  0x6d833442
                                                                                  0x6d833442
                                                                                  0x6d833448
                                                                                  0x6d83344c
                                                                                  0x6d833457
                                                                                  0x6d83345c
                                                                                  0x6d83345c
                                                                                  0x6d83346e
                                                                                  0x00000000
                                                                                  0x6d83346e
                                                                                  0x6d833313
                                                                                  0x6d833316
                                                                                  0x6d833316
                                                                                  0x6d833316
                                                                                  0x6d833319
                                                                                  0x6d83331c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d833320
                                                                                  0x6d833320
                                                                                  0x6d833323
                                                                                  0x6d833326
                                                                                  0x6d833329
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d83332b
                                                                                  0x6d83332b
                                                                                  0x6d833320
                                                                                  0x6d833333
                                                                                  0x6d833347
                                                                                  0x6d833349
                                                                                  0x6d833355
                                                                                  0x6d833355
                                                                                  0x6d833358
                                                                                  0x6d83335f
                                                                                  0x6d833362
                                                                                  0x00000000
                                                                                  0x6d8332dc
                                                                                  0x6d8332dc
                                                                                  0x6d8332dc
                                                                                  0x6d8332df
                                                                                  0x6d8332df
                                                                                  0x6d8332e2
                                                                                  0x6d8332e2
                                                                                  0x6d8332e9
                                                                                  0x6d8332ee
                                                                                  0x00000000
                                                                                  0x6d8332ee
                                                                                  0x6d8332da
                                                                                  0x6d833076
                                                                                  0x6d833080
                                                                                  0x6d833080
                                                                                  0x6d833080
                                                                                  0x6d833083
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d833089
                                                                                  0x6d83308b
                                                                                  0x6d83308e
                                                                                  0x6d83308e
                                                                                  0x6d833090
                                                                                  0x6d833093
                                                                                  0x6d833093
                                                                                  0x6d833096
                                                                                  0x6d833099
                                                                                  0x6d83309c
                                                                                  0x6d83309f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8330a1
                                                                                  0x6d8330a4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8330aa
                                                                                  0x6d8330ac
                                                                                  0x6d8330af
                                                                                  0x6d8330af
                                                                                  0x6d8330b2
                                                                                  0x6d8330b5
                                                                                  0x6d8330b7
                                                                                  0x6d8330c0
                                                                                  0x6d8330c0
                                                                                  0x6d8330c3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8330c5
                                                                                  0x6d8330c8
                                                                                  0x6d8330c8
                                                                                  0x6d8330cf
                                                                                  0x6d8330cf
                                                                                  0x6d8330d1
                                                                                  0x6d8330d3
                                                                                  0x6d8330d6
                                                                                  0x00000000
                                                                                  0x6d8330d6
                                                                                  0x6d8330d9
                                                                                  0x6d8330dc
                                                                                  0x6d8330df
                                                                                  0x6d8330e2
                                                                                  0x6d8330e4
                                                                                  0x6d8330e7
                                                                                  0x6d8330ea
                                                                                  0x6d8330ed
                                                                                  0x6d833153
                                                                                  0x6d833153
                                                                                  0x6d8330ef
                                                                                  0x6d8330f2
                                                                                  0x6d8330f5
                                                                                  0x6d8330f5
                                                                                  0x6d8330f7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8330fd
                                                                                  0x6d833100
                                                                                  0x6d833103
                                                                                  0x6d833106
                                                                                  0x6d833109
                                                                                  0x6d83310c
                                                                                  0x6d83310f
                                                                                  0x6d833112
                                                                                  0x6d833115
                                                                                  0x6d833117
                                                                                  0x6d833158
                                                                                  0x6d833158
                                                                                  0x6d83315b
                                                                                  0x6d833161
                                                                                  0x6d833164
                                                                                  0x6d833167
                                                                                  0x00000000
                                                                                  0x6d833167
                                                                                  0x6d833119
                                                                                  0x6d83311f
                                                                                  0x6d833122
                                                                                  0x6d83317a
                                                                                  0x6d83317d
                                                                                  0x6d875eb7
                                                                                  0x6d875eb9
                                                                                  0x6d875ec7
                                                                                  0x6d875eca
                                                                                  0x6d833183
                                                                                  0x6d833183
                                                                                  0x6d833183
                                                                                  0x6d83317d
                                                                                  0x6d833124
                                                                                  0x6d833127
                                                                                  0x6d83312a
                                                                                  0x6d83316c
                                                                                  0x6d83316f
                                                                                  0x6d875ef1
                                                                                  0x6d875ef3
                                                                                  0x6d875f01
                                                                                  0x6d875f04
                                                                                  0x6d833175
                                                                                  0x6d833175
                                                                                  0x6d833175
                                                                                  0x6d83316f
                                                                                  0x6d83312c
                                                                                  0x6d83312f
                                                                                  0x6d833131
                                                                                  0x00000000
                                                                                  0x6d833133
                                                                                  0x6d833133
                                                                                  0x6d833133
                                                                                  0x6d833135
                                                                                  0x6d833135
                                                                                  0x6d833137
                                                                                  0x6d833190
                                                                                  0x6d833192
                                                                                  0x6d833195
                                                                                  0x6d833195
                                                                                  0x6d833195
                                                                                  0x6d833198
                                                                                  0x6d83319b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8331a0
                                                                                  0x6d8331a0
                                                                                  0x6d8331a3
                                                                                  0x6d8331a6
                                                                                  0x6d8331a9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8331ab
                                                                                  0x6d8331ab
                                                                                  0x6d8331a0
                                                                                  0x6d8331b0
                                                                                  0x6d8331b3
                                                                                  0x6d8331b6
                                                                                  0x6d8331b9
                                                                                  0x6d8331bb
                                                                                  0x6d8334fc
                                                                                  0x6d8334fd
                                                                                  0x6d8334fe
                                                                                  0x6d8334b0
                                                                                  0x6d8334b0
                                                                                  0x6d8334b5
                                                                                  0x6d8334b8
                                                                                  0x6d8334b8
                                                                                  0x6d8334bc
                                                                                  0x6d8334ce
                                                                                  0x6d8334d3
                                                                                  0x6d8334d3
                                                                                  0x00000000
                                                                                  0x6d8334bc
                                                                                  0x6d8331c1
                                                                                  0x6d8331c4
                                                                                  0x6d8331c7
                                                                                  0x6d833482
                                                                                  0x6d833489
                                                                                  0x6d83348e
                                                                                  0x6d833494
                                                                                  0x6d833498
                                                                                  0x6d83349b
                                                                                  0x6d8334a1
                                                                                  0x6d8334a4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8334aa
                                                                                  0x6d8334aa
                                                                                  0x6d8334ad
                                                                                  0x6d8334ae
                                                                                  0x6d8334af
                                                                                  0x00000000
                                                                                  0x6d8334af
                                                                                  0x6d8331cd
                                                                                  0x6d8331dc
                                                                                  0x6d8331e1
                                                                                  0x6d8331ef
                                                                                  0x6d8331f1
                                                                                  0x6d8331f4
                                                                                  0x6d8331f6
                                                                                  0x6d875f1f
                                                                                  0x6d875f28
                                                                                  0x6d875f2c
                                                                                  0x6d875f2f
                                                                                  0x6d875f3a
                                                                                  0x6d875f42
                                                                                  0x6d875f47
                                                                                  0x6d875f51
                                                                                  0x6d875f56
                                                                                  0x6d875f59
                                                                                  0x6d875f5d
                                                                                  0x6d875f5f
                                                                                  0x6d875f65
                                                                                  0x6d875f6b
                                                                                  0x6d875f71
                                                                                  0x6d875f71
                                                                                  0x6d875f71
                                                                                  0x6d875f71
                                                                                  0x6d875f77
                                                                                  0x6d875f7b
                                                                                  0x6d875f89
                                                                                  0x6d875f8e
                                                                                  0x6d875f8e
                                                                                  0x6d875f91
                                                                                  0x00000000
                                                                                  0x6d875f91
                                                                                  0x6d833201
                                                                                  0x6d833203
                                                                                  0x6d833206
                                                                                  0x6d833208
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d833211
                                                                                  0x6d833218
                                                                                  0x6d83321e
                                                                                  0x6d833226
                                                                                  0x6d83322b
                                                                                  0x6d833233
                                                                                  0x6d83323b
                                                                                  0x6d83323f
                                                                                  0x6d833250
                                                                                  0x6d833255
                                                                                  0x6d833258
                                                                                  0x6d83325b
                                                                                  0x6d83325e
                                                                                  0x6d833260
                                                                                  0x6d875f18
                                                                                  0x6d833266
                                                                                  0x6d833266
                                                                                  0x6d833269
                                                                                  0x6d83326f
                                                                                  0x6d833275
                                                                                  0x6d833275
                                                                                  0x6d833275
                                                                                  0x6d833275
                                                                                  0x6d83327b
                                                                                  0x6d83327f
                                                                                  0x6d83328d
                                                                                  0x6d833292
                                                                                  0x6d833292
                                                                                  0x6d833295
                                                                                  0x6d833299
                                                                                  0x6d8332a4
                                                                                  0x6d8332a9
                                                                                  0x6d8332a9
                                                                                  0x6d8332bc
                                                                                  0x6d8332c1
                                                                                  0x6d8332c4
                                                                                  0x00000000
                                                                                  0x6d8332c4
                                                                                  0x6d833139
                                                                                  0x6d83313f
                                                                                  0x6d833142
                                                                                  0x6d83314b
                                                                                  0x6d83314b
                                                                                  0x6d833142
                                                                                  0x00000000
                                                                                  0x6d833139
                                                                                  0x6d833131
                                                                                  0x6d83318b
                                                                                  0x00000000
                                                                                  0x6d83318b
                                                                                  0x6d8332c7
                                                                                  0x6d8332c7
                                                                                  0x6d8332ca
                                                                                  0x00000000
                                                                                  0x6d8332ca
                                                                                  0x6d875e77
                                                                                  0x6d875e7a
                                                                                  0x6d875e7c
                                                                                  0x6d875e8f
                                                                                  0x6d875e8f
                                                                                  0x00000000
                                                                                  0x6d875e7e
                                                                                  0x6d875e7f
                                                                                  0x6d875e84
                                                                                  0x6d875e87
                                                                                  0x6d875e89
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d875e89
                                                                                  0x6d875e7c
                                                                                  0x6d83303e
                                                                                  0x6d833042
                                                                                  0x6d83304f
                                                                                  0x6d833054
                                                                                  0x6d833057
                                                                                  0x00000000
                                                                                  0x6d832ffc
                                                                                  0x6d832ffc
                                                                                  0x6d832ffc
                                                                                  0x6d832ffe
                                                                                  0x6d833001
                                                                                  0x6d833001
                                                                                  0x6d833003
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d833005
                                                                                  0x6d83300a
                                                                                  0x00000000
                                                                                  0x6d833010
                                                                                  0x6d833010
                                                                                  0x00000000
                                                                                  0x6d833010
                                                                                  0x6d83300a
                                                                                  0x00000000
                                                                                  0x6d833001
                                                                                  0x6d832ffa

                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.BCCB(?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D83304F
                                                                                  • RtlSizeHeap.BCCB(?,00000000,00000000,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D8331DC
                                                                                  • memcpy.BCCB(00000000,00000000,00000000,?,00000000,00000000,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D83321E
                                                                                  • memcpy.BCCB(00000000,6D8F79A0,00000000,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D833233
                                                                                  • memcpy.BCCB(-00000002,00000000,?,?,?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D833250
                                                                                  • memset.BCCB(6D8F8220,00000000,00000234,?,?,?,?,?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE), ref: 6D83328D
                                                                                  • RtlLeaveCriticalSection.BCCB(?,?,?,?,?,?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D8332A4
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,?,?,?,?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE), ref: 6D8332BC
                                                                                  • RtlSizeHeap.BCCB(?,00000000,?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D833342
                                                                                  • memcpy.BCCB(00000000,00000000,00000000,?,00000000,?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D83339B
                                                                                  • memcpy.BCCB(00000000,?,00000000,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D8333B7
                                                                                  • memcpy.BCCB(-00000002,00000000,00000000,?,?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D8333DD
                                                                                  • memcpy.BCCB(-00000002,00000000,?,?,?,?,?,?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE), ref: 6D833402
                                                                                  • memset.BCCB(6D8F8220,00000000,00000234,?,?,?,?,?,?,?,?,?,0000003A,6D8F79A0,?,00000000), ref: 6D83341D
                                                                                  • RtlLeaveCriticalSection.BCCB(?,?,?,?,?,?,?,?,?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28), ref: 6D833457
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,?,?,?,?,?,?,?,?,0000003A,6D8F79A0,?,00000000), ref: 6D83346E
                                                                                  • memcpy.BCCB(00000000,6D8F79A0,00000000,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D833489
                                                                                  • memmove.BCCB(6D832F61,?,?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D8334B0
                                                                                  • memset.BCCB(6D8F8220,00000000,00000234,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D8334CE
                                                                                  • memmove.BCCB(00000002,00000000,?,?,00000000,?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D833513
                                                                                  • memcpy.BCCB(00000000,?,00000000,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D833522
                                                                                  • memset.BCCB(6D8F8220,00000000,00000234,?,?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D83353D
                                                                                  • memcpy.BCCB(-00000002,00000000,00000000,?,?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D833563
                                                                                  • RtlIsCriticalSectionLockedByThread.BCCB(?,?,0000003A,6D8F79A0,?,00000000,6D8517F0,6D8DFF28,000000FE,?,6D832F61), ref: 6D875E7F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memcpy$CriticalHeapSectionmemset$FreeLeaveSizememmove$EnterLockedThread
                                                                                  • String ID:
                                                                                  • API String ID: 3971764801-0
                                                                                  • Opcode ID: 83f69a896b9ce295f54de8c1479e8aa829c932b4f1b5a4e24e3f3f6f7d656c28
                                                                                  • Instruction ID: 6be76ba2c397efd95ba181c0808593a23dfec2049469003f311d2cc02ad1c557
                                                                                  • Opcode Fuzzy Hash: 83f69a896b9ce295f54de8c1479e8aa829c932b4f1b5a4e24e3f3f6f7d656c28
                                                                                  • Instruction Fuzzy Hash: 0D32C1B1E002299FCB15CFA8C858BAEBBB5FF55704F16446DE819AB390D7359D01CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8299BF, Relevance: 33.8, APIs: 16, Strings: 3, Instructions: 572COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 78%
                                                                                  			E6D8299BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E6D8BFA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E6D8CA80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E6D85D540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E6D80B150();
										} else {
											E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E6D80B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x6d8f6378 = 1;
											asm("int3");
											 *0x6d8f6378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E6D82A229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E6D82A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E6D82BC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E6D8CA80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E6D82A229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E6D82A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E6D85D540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E6D80B150();
								} else {
									E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E6D80B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x6d8f6378 = 1;
									asm("int3");
									 *0x6d8f6378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E6D8BFA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E6D8CA80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E6D85D540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E6D80B150();
													} else {
														E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E6D80B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x6d8f6378 = 1;
														asm("int3");
														 *0x6d8f6378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E6D82A229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E6D82A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E6D82BC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E6D8CA80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E6D85D540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E6D80B150();
													} else {
														E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E6D80B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x6d8f6378 = 1;
														asm("int3");
														 *0x6d8f6378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E6D82A229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E6D82A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E6D82BC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E6D82BC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                                                                  0x6d8299ca
                                                                                  0x6d8299cc
                                                                                  0x6d8299df
                                                                                  0x6d8299e3
                                                                                  0x6d8299f8
                                                                                  0x6d8299fb
                                                                                  0x6d8299fb
                                                                                  0x00000000
                                                                                  0x6d829a48
                                                                                  0x6d829a48
                                                                                  0x6d829a4c
                                                                                  0x6d829a51
                                                                                  0x6d829a55
                                                                                  0x6d829a61
                                                                                  0x6d829a66
                                                                                  0x6d829a68
                                                                                  0x6d871457
                                                                                  0x6d87145c
                                                                                  0x6d87145c
                                                                                  0x6d829a68
                                                                                  0x6d829a6e
                                                                                  0x6d829a71
                                                                                  0x6d829a74
                                                                                  0x6d829a76
                                                                                  0x6d871466
                                                                                  0x6d871469
                                                                                  0x6d871469
                                                                                  0x6d87146c
                                                                                  0x6d87146e
                                                                                  0x6d871471
                                                                                  0x6d871474
                                                                                  0x6d871477
                                                                                  0x6d871479
                                                                                  0x6d87159c
                                                                                  0x6d87159c
                                                                                  0x6d87159d
                                                                                  0x6d8715a6
                                                                                  0x6d8715ab
                                                                                  0x6d8715ab
                                                                                  0x00000000
                                                                                  0x6d8715ab
                                                                                  0x6d87147f
                                                                                  0x6d871481
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d87148a
                                                                                  0x6d87148d
                                                                                  0x6d871493
                                                                                  0x6d871495
                                                                                  0x6d8714c0
                                                                                  0x6d8714c0
                                                                                  0x6d8714c3
                                                                                  0x6d8714c6
                                                                                  0x6d8714c8
                                                                                  0x6d8714cb
                                                                                  0x6d8714cf
                                                                                  0x6d8714f2
                                                                                  0x6d8714f2
                                                                                  0x6d8714f5
                                                                                  0x6d8714f8
                                                                                  0x6d871501
                                                                                  0x6d871508
                                                                                  0x6d87150b
                                                                                  0x6d87150e
                                                                                  0x6d871510
                                                                                  0x6d871513
                                                                                  0x6d871515
                                                                                  0x6d871515
                                                                                  0x6d871518
                                                                                  0x6d871518
                                                                                  0x6d871513
                                                                                  0x6d871521
                                                                                  0x6d871525
                                                                                  0x6d87152a
                                                                                  0x6d87152d
                                                                                  0x6d871530
                                                                                  0x6d871532
                                                                                  0x6d871539
                                                                                  0x6d87153d
                                                                                  0x6d87155d
                                                                                  0x6d871562
                                                                                  0x6d87153f
                                                                                  0x6d871555
                                                                                  0x6d87155a
                                                                                  0x6d871570
                                                                                  0x6d871577
                                                                                  0x6d87157c
                                                                                  0x6d871582
                                                                                  0x6d871585
                                                                                  0x6d871589
                                                                                  0x6d87158b
                                                                                  0x6d871592
                                                                                  0x6d871593
                                                                                  0x6d871593
                                                                                  0x6d871589
                                                                                  0x6d871530
                                                                                  0x00000000
                                                                                  0x6d8714f8
                                                                                  0x6d8714d5
                                                                                  0x6d8714da
                                                                                  0x6d8714dc
                                                                                  0x00000000
                                                                                  0x6d8714de
                                                                                  0x6d8714e8
                                                                                  0x00000000
                                                                                  0x6d8714e8
                                                                                  0x6d871497
                                                                                  0x6d871497
                                                                                  0x6d8714a4
                                                                                  0x6d8714a4
                                                                                  0x6d8714a7
                                                                                  0x6d8714a9
                                                                                  0x6d8714ab
                                                                                  0x6d8714ab
                                                                                  0x6d87149c
                                                                                  0x6d87149e
                                                                                  0x6d8714a0
                                                                                  0x6d8714b0
                                                                                  0x6d8714b0
                                                                                  0x00000000
                                                                                  0x6d8714a2
                                                                                  0x6d8714a2
                                                                                  0x00000000
                                                                                  0x6d8714a2
                                                                                  0x6d8714a0
                                                                                  0x6d8714b3
                                                                                  0x6d8714bb
                                                                                  0x00000000
                                                                                  0x6d8714bb
                                                                                  0x6d871495
                                                                                  0x6d829a7c
                                                                                  0x6d829a7c
                                                                                  0x6d829a7f
                                                                                  0x6d829a7f
                                                                                  0x6d829a82
                                                                                  0x6d829a84
                                                                                  0x6d829a87
                                                                                  0x6d829a8a
                                                                                  0x6d829a8d
                                                                                  0x6d829a8f
                                                                                  0x6d87166a
                                                                                  0x6d87166a
                                                                                  0x6d87166b
                                                                                  0x6d871674
                                                                                  0x00000000
                                                                                  0x6d871674
                                                                                  0x6d829a95
                                                                                  0x6d829a97
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d829aa0
                                                                                  0x6d829aa3
                                                                                  0x6d829aa9
                                                                                  0x6d829aab
                                                                                  0x6d829ad7
                                                                                  0x6d829ad7
                                                                                  0x6d829ada
                                                                                  0x6d829add
                                                                                  0x6d829adf
                                                                                  0x6d829ae2
                                                                                  0x6d829ae6
                                                                                  0x6d829b22
                                                                                  0x6d829b27
                                                                                  0x6d829b29
                                                                                  0x00000000
                                                                                  0x6d829b2b
                                                                                  0x6d8715be
                                                                                  0x00000000
                                                                                  0x6d8715be
                                                                                  0x6d829b29
                                                                                  0x6d829ae8
                                                                                  0x6d829ae8
                                                                                  0x6d829aeb
                                                                                  0x6d829aee
                                                                                  0x6d8715cb
                                                                                  0x6d8715d2
                                                                                  0x6d8715d5
                                                                                  0x6d8715d7
                                                                                  0x6d8715da
                                                                                  0x6d8715dc
                                                                                  0x6d8715dc
                                                                                  0x6d8715dc
                                                                                  0x6d8715da
                                                                                  0x6d8715e5
                                                                                  0x6d8715e9
                                                                                  0x6d8715ee
                                                                                  0x6d8715f1
                                                                                  0x6d8715f3
                                                                                  0x6d8715f9
                                                                                  0x6d871600
                                                                                  0x6d871604
                                                                                  0x6d871624
                                                                                  0x6d871629
                                                                                  0x6d871606
                                                                                  0x6d87161c
                                                                                  0x6d871621
                                                                                  0x6d871637
                                                                                  0x6d87163e
                                                                                  0x6d871643
                                                                                  0x6d871649
                                                                                  0x6d87164c
                                                                                  0x6d871650
                                                                                  0x6d871656
                                                                                  0x6d87165d
                                                                                  0x6d87165e
                                                                                  0x6d87165e
                                                                                  0x6d871650
                                                                                  0x6d8715f3
                                                                                  0x6d829af4
                                                                                  0x6d829af7
                                                                                  0x6d829afc
                                                                                  0x6d829b00
                                                                                  0x6d829b04
                                                                                  0x6d829b08
                                                                                  0x6d829b14
                                                                                  0x6d8299fe
                                                                                  0x6d829a04
                                                                                  0x6d829a07
                                                                                  0x00000000
                                                                                  0x6d829a29
                                                                                  0x6d87169c
                                                                                  0x6d8716a0
                                                                                  0x6d8716a5
                                                                                  0x6d8716a9
                                                                                  0x6d8716b5
                                                                                  0x6d8716ba
                                                                                  0x6d8716bc
                                                                                  0x6d8716be
                                                                                  0x6d8716c3
                                                                                  0x6d8716c3
                                                                                  0x6d8716bc
                                                                                  0x6d8716c8
                                                                                  0x6d8716cc
                                                                                  0x6d87181b
                                                                                  0x6d87181b
                                                                                  0x6d87181e
                                                                                  0x6d87181e
                                                                                  0x6d871821
                                                                                  0x6d871823
                                                                                  0x6d871826
                                                                                  0x6d871829
                                                                                  0x6d87182c
                                                                                  0x6d87182e
                                                                                  0x6d871688
                                                                                  0x6d871688
                                                                                  0x6d871689
                                                                                  0x6d87168b
                                                                                  0x6d87168c
                                                                                  0x6d87168d
                                                                                  0x6d87168f
                                                                                  0x6d871692
                                                                                  0x00000000
                                                                                  0x6d871692
                                                                                  0x6d871834
                                                                                  0x6d871836
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d87183f
                                                                                  0x6d871842
                                                                                  0x6d871848
                                                                                  0x6d87184a
                                                                                  0x6d871875
                                                                                  0x6d871875
                                                                                  0x6d871878
                                                                                  0x6d87187b
                                                                                  0x6d87187d
                                                                                  0x6d871880
                                                                                  0x6d871884
                                                                                  0x6d8718a7
                                                                                  0x6d8718a7
                                                                                  0x6d8718aa
                                                                                  0x6d8718ad
                                                                                  0x6d8718b6
                                                                                  0x6d8718bd
                                                                                  0x6d8718c0
                                                                                  0x6d8718c3
                                                                                  0x6d8718c5
                                                                                  0x6d8718c8
                                                                                  0x6d8718ca
                                                                                  0x6d8718ca
                                                                                  0x6d8718cd
                                                                                  0x6d8718cd
                                                                                  0x6d8718c8
                                                                                  0x6d8718d5
                                                                                  0x6d8718da
                                                                                  0x6d8718df
                                                                                  0x6d8718e2
                                                                                  0x6d8718e5
                                                                                  0x6d8718e7
                                                                                  0x6d8718ee
                                                                                  0x6d8718f2
                                                                                  0x6d871912
                                                                                  0x6d871917
                                                                                  0x6d8718f4
                                                                                  0x6d87190a
                                                                                  0x6d87190f
                                                                                  0x6d871925
                                                                                  0x6d87192c
                                                                                  0x6d871931
                                                                                  0x6d87193a
                                                                                  0x6d87193e
                                                                                  0x6d871940
                                                                                  0x6d871947
                                                                                  0x6d871948
                                                                                  0x6d871948
                                                                                  0x6d87193e
                                                                                  0x6d8718e5
                                                                                  0x6d87194f
                                                                                  0x6d871952
                                                                                  0x6d871956
                                                                                  0x6d87195d
                                                                                  0x6d871961
                                                                                  0x6d87196d
                                                                                  0x00000000
                                                                                  0x6d87196d
                                                                                  0x6d87188a
                                                                                  0x6d87188f
                                                                                  0x6d871891
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d87189d
                                                                                  0x00000000
                                                                                  0x6d87189d
                                                                                  0x6d87184c
                                                                                  0x6d871859
                                                                                  0x6d871859
                                                                                  0x6d87185c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d871851
                                                                                  0x6d871853
                                                                                  0x6d871855
                                                                                  0x6d871865
                                                                                  0x6d871865
                                                                                  0x6d871866
                                                                                  0x6d871868
                                                                                  0x6d871870
                                                                                  0x00000000
                                                                                  0x6d871870
                                                                                  0x6d871857
                                                                                  0x6d871857
                                                                                  0x6d87185e
                                                                                  0x00000000
                                                                                  0x6d8716d2
                                                                                  0x6d8716d2
                                                                                  0x6d8716d5
                                                                                  0x6d8716d5
                                                                                  0x6d8716d8
                                                                                  0x6d8716da
                                                                                  0x6d8716dd
                                                                                  0x6d8716e0
                                                                                  0x6d8716e3
                                                                                  0x6d8716e5
                                                                                  0x6d871808
                                                                                  0x6d871808
                                                                                  0x6d871809
                                                                                  0x6d871812
                                                                                  0x6d871817
                                                                                  0x6d871817
                                                                                  0x00000000
                                                                                  0x6d871817
                                                                                  0x6d8716eb
                                                                                  0x6d8716ed
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8716f6
                                                                                  0x6d8716f9
                                                                                  0x6d8716ff
                                                                                  0x6d871701
                                                                                  0x6d87172c
                                                                                  0x6d87172c
                                                                                  0x6d87172f
                                                                                  0x6d871732
                                                                                  0x6d871734
                                                                                  0x6d871737
                                                                                  0x6d87173b
                                                                                  0x6d87175e
                                                                                  0x6d87175e
                                                                                  0x6d871761
                                                                                  0x6d871764
                                                                                  0x6d87176d
                                                                                  0x6d871774
                                                                                  0x6d871777
                                                                                  0x6d87177a
                                                                                  0x6d87177c
                                                                                  0x6d87177f
                                                                                  0x6d871781
                                                                                  0x6d871781
                                                                                  0x6d871784
                                                                                  0x6d871784
                                                                                  0x6d87177f
                                                                                  0x6d87178c
                                                                                  0x6d871791
                                                                                  0x6d871796
                                                                                  0x6d871799
                                                                                  0x6d87179c
                                                                                  0x6d87179e
                                                                                  0x6d8717a5
                                                                                  0x6d8717a9
                                                                                  0x6d8717c9
                                                                                  0x6d8717ce
                                                                                  0x6d8717ab
                                                                                  0x6d8717c1
                                                                                  0x6d8717c6
                                                                                  0x6d8717dc
                                                                                  0x6d8717e3
                                                                                  0x6d8717e8
                                                                                  0x6d8717ee
                                                                                  0x6d8717f1
                                                                                  0x6d8717f5
                                                                                  0x6d8717f7
                                                                                  0x6d8717fe
                                                                                  0x6d8717ff
                                                                                  0x6d8717ff
                                                                                  0x6d8717f5
                                                                                  0x6d87179c
                                                                                  0x00000000
                                                                                  0x6d871764
                                                                                  0x6d871741
                                                                                  0x6d871746
                                                                                  0x6d871748
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d871754
                                                                                  0x00000000
                                                                                  0x6d871754
                                                                                  0x6d871703
                                                                                  0x6d871710
                                                                                  0x6d871710
                                                                                  0x6d871713
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d871708
                                                                                  0x6d87170a
                                                                                  0x6d87170c
                                                                                  0x6d87171c
                                                                                  0x6d87171c
                                                                                  0x6d87171d
                                                                                  0x6d87171f
                                                                                  0x6d871727
                                                                                  0x00000000
                                                                                  0x6d871727
                                                                                  0x6d87170e
                                                                                  0x6d87170e
                                                                                  0x6d871715
                                                                                  0x00000000
                                                                                  0x6d871715
                                                                                  0x6d8716cc
                                                                                  0x6d829a45
                                                                                  0x6d829a45
                                                                                  0x6d829a0e
                                                                                  0x6d829a1c
                                                                                  0x6d829a23
                                                                                  0x6d87167e
                                                                                  0x6d87167f
                                                                                  0x6d871681
                                                                                  0x6d871683
                                                                                  0x6d871684
                                                                                  0x00000000
                                                                                  0x6d871684
                                                                                  0x00000000
                                                                                  0x6d829aad
                                                                                  0x6d829aad
                                                                                  0x6d829ab0
                                                                                  0x6d829ab3
                                                                                  0x6d829ab3
                                                                                  0x6d829ab6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d829ab8
                                                                                  0x6d829aba
                                                                                  0x6d829abc
                                                                                  0x6d829ac8
                                                                                  0x6d829ac8
                                                                                  0x00000000
                                                                                  0x6d829abe
                                                                                  0x6d829abe
                                                                                  0x6d829ac0
                                                                                  0x00000000
                                                                                  0x6d829ac0
                                                                                  0x6d829abc
                                                                                  0x6d829ad2
                                                                                  0x00000000
                                                                                  0x6d829ad2
                                                                                  0x6d829aab

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                  • API String ID: 0-3178619729
                                                                                  • Opcode ID: f671766c550157a33bbfa6da7dc7c3c68cf41062c9ed9c1ef7ad74a368705e6c
                                                                                  • Instruction ID: 5e9f809d03014ddae56c0c9d4627b6c2e7c92b1ff28e7b1b9732cdf0efabd5c6
                                                                                  • Opcode Fuzzy Hash: f671766c550157a33bbfa6da7dc7c3c68cf41062c9ed9c1ef7ad74a368705e6c
                                                                                  • Instruction Fuzzy Hash: C2221170A042469FD725CF29C8A8B7EBBF5FF45708F148969E8558B742E730E980CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D808239, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 233nativememoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 72%
                                                                                  			E6D808239(signed int* __ecx, long* __edx, signed int _a4) {
				signed int _v12;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				char _v560;
				signed int _v564;
				long _v568;
				long _v572;
				intOrPtr _v576;
				short _v578;
				void* _v580;
				signed int _v584;
				intOrPtr _v586;
				void* _v588;
				void* _v592;
				void* _v596;
				intOrPtr _v600;
				long* _v604;
				signed int* _v608;
				intOrPtr _v612;
				short _v614;
				void* _v616;
				signed int _v620;
				signed int _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				signed int _v636;
				char _v640;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t94;
				void* _t99;
				long _t118;
				intOrPtr _t125;
				short _t126;
				signed int* _t137;
				void* _t138;
				intOrPtr _t143;
				void* _t145;
				void* _t147;
				void* _t148;
				void* _t150;
				signed int _t151;
				void* _t152;
				signed int _t154;

				_t149 = __edx;
				_v12 =  *0x6d8fd360 ^ _t154;
				_v564 = _v564 & 0x00000000;
				_t151 = _a4;
				_t137 = __ecx;
				_v604 = __edx;
				_v608 = __ecx;
				_t150 = 0;
				_v568 = 0x220;
				_v592 =  &_v560;
				if(E6D816D30( &_v580, L"UseFilter") < 0) {
					L4:
					return E6D84B640(_t89, _t137, _v12 ^ _t154, _t149, _t150, _t151);
				}
				_push( &_v572);
				_push(0x220);
				_push( &_v560);
				_push(2);
				_push( &_v580);
				_push( *_t137);
				_t89 = E6D849650();
				if(_t89 >= 0) {
					if(_v556 != 4 || _v552 != 4 || _v548 == 0) {
						L3:
						_t89 = 0;
					} else {
						_t94 =  *_t151;
						_t151 =  *(_t151 + 4);
						_v588 = _t94;
						_v584 = _t151;
						if(E6D816D30( &_v580, L"\\??\\") < 0) {
							goto L4;
						}
						if(RtlPrefixUnicodeString( &_v580,  &_v588, 1) != 0) {
							_v588 = _v588 + 0xfff8;
							_v586 = _v586 + 0xfff8;
							_v584 = _t151 + 8;
						}
						_t99 =  &_v560;
						_t143 = 0;
						_v596 = _t99;
						_v600 = 0;
						do {
							_t149 =  &_v572;
							_push( &_v572);
							_push(_v568);
							_push(_t99);
							_push(0);
							_push(_t143);
							_push( *_t137);
							_t151 = E6D849820();
							if(_t151 < 0) {
								goto L37;
							}
							_t145 = _v596;
							_v580 =  *((intOrPtr*)(_t145 + 0xc));
							_v624 = _v624 & 0x00000000;
							_v620 = _v620 & 0x00000000;
							_v578 =  *((intOrPtr*)(_t145 + 0xc));
							_v576 = _t145 + 0x10;
							_v636 =  *_t137;
							_v632 =  &_v580;
							_push( &_v640);
							_push(_v604);
							_v640 = 0x18;
							_push( &_v564);
							_v628 = 0x240;
							_t151 = E6D849600();
							if(_t151 < 0) {
								goto L37;
							}
							_t151 = E6D816D30( &_v580, L"FilterFullPath");
							if(_t151 < 0) {
								L36:
								_push(_v564);
								E6D8495D0();
								goto L37;
							}
							_t138 = _v592;
							_t118 = _v568;
							do {
								_push( &_v572);
								_push(_t118);
								_push(_t138);
								_push(2);
								_push( &_v580);
								_push(_v564);
								_t152 = E6D849650();
								if(_t152 == 0x80000005 || _t152 == 0xc0000023) {
									if(_t150 != 0) {
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t150);
									}
									_t147 =  *( *[fs:0x30] + 0x18);
									if(_t147 != 0) {
										_t150 = RtlAllocateHeap(_t147,  *0x6d8f7b9c + 0x180000, _v572);
										if(_t150 == 0) {
											goto L25;
										}
										_t118 = _v572;
										_t138 = _t150;
										_v596 = _t150;
										_v568 = _t118;
										goto L27;
									} else {
										_t150 = 0;
										L25:
										_t151 = 0xc0000017;
										goto L26;
									}
								} else {
									L26:
									_t118 = _v568;
								}
								L27:
							} while (_t151 == 0x80000005 || _t151 == 0xc0000023);
							_v592 = _t138;
							_t137 = _v608;
							if(_t151 >= 0) {
								_t148 = _v592;
								if( *((intOrPtr*)(_t148 + 4)) != 1) {
									goto L36;
								}
								_t125 =  *((intOrPtr*)(_t148 + 8));
								if(_t125 > 0xfffe) {
									goto L36;
								}
								_t126 = _t125 + 0xfffffffe;
								_v616 = _t126;
								_v614 = _t126;
								_v612 = _t148 + 0xc;
								if(RtlCompareUnicodeString( &_v588,  &_v616, 1) == 0) {
									break;
								}
								goto L36;
							}
							_push(_v564);
							E6D8495D0();
							_t65 = _t151 + 0x3fffffcc; // 0x3fffffcc
							asm("sbb eax, eax");
							_t151 = _t151 &  ~_t65;
							L37:
							_t99 = _v596;
							_t143 = _v600 + 1;
							_v600 = _t143;
						} while (_t151 >= 0);
						if(_t150 != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t150);
						}
						if(_t151 >= 0) {
							_push( *_t137);
							E6D8495D0();
							 *_t137 = _v564;
						}
						_t85 = _t151 + 0x7fffffe6; // 0x7fffffe6
						asm("sbb eax, eax");
						_t89 =  ~_t85 & _t151;
					}
					goto L4;
				}
				if(_t89 != 0xc0000034) {
					if(_t89 == 0xc0000023) {
						goto L3;
					}
					if(_t89 != 0x80000005) {
						goto L4;
					}
				}
				goto L3;
			}

















































                                                                                  0x6d808239
                                                                                  0x6d80824b
                                                                                  0x6d80824e
                                                                                  0x6d80825d
                                                                                  0x6d808260
                                                                                  0x6d80826e
                                                                                  0x6d808275
                                                                                  0x6d80827b
                                                                                  0x6d80827d
                                                                                  0x6d808287
                                                                                  0x6d808294
                                                                                  0x6d8082ce
                                                                                  0x6d8082de
                                                                                  0x6d8082de
                                                                                  0x6d80829c
                                                                                  0x6d80829d
                                                                                  0x6d8082a8
                                                                                  0x6d8082a9
                                                                                  0x6d8082b1
                                                                                  0x6d8082b2
                                                                                  0x6d8082b4
                                                                                  0x6d8082bb
                                                                                  0x6d862dfa
                                                                                  0x6d8082cc
                                                                                  0x6d8082cc
                                                                                  0x6d862e19
                                                                                  0x6d862e19
                                                                                  0x6d862e1b
                                                                                  0x6d862e1e
                                                                                  0x6d862e30
                                                                                  0x6d862e3d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d862e5a
                                                                                  0x6d862e61
                                                                                  0x6d862e68
                                                                                  0x6d862e72
                                                                                  0x6d862e72
                                                                                  0x6d862e78
                                                                                  0x6d862e7e
                                                                                  0x6d862e80
                                                                                  0x6d862e86
                                                                                  0x6d862e8c
                                                                                  0x6d862e8c
                                                                                  0x6d862e92
                                                                                  0x6d862e93
                                                                                  0x6d862e99
                                                                                  0x6d862e9a
                                                                                  0x6d862e9c
                                                                                  0x6d862e9d
                                                                                  0x6d862ea4
                                                                                  0x6d862ea8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d862eae
                                                                                  0x6d862eb8
                                                                                  0x6d862ec3
                                                                                  0x6d862eca
                                                                                  0x6d862ed1
                                                                                  0x6d862edb
                                                                                  0x6d862ee3
                                                                                  0x6d862eef
                                                                                  0x6d862efb
                                                                                  0x6d862efc
                                                                                  0x6d862f08
                                                                                  0x6d862f12
                                                                                  0x6d862f13
                                                                                  0x6d862f22
                                                                                  0x6d862f26
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d862f3d
                                                                                  0x6d862f41
                                                                                  0x6d863069
                                                                                  0x6d863069
                                                                                  0x6d86306f
                                                                                  0x00000000
                                                                                  0x6d86306f
                                                                                  0x6d862f47
                                                                                  0x6d862f4d
                                                                                  0x6d862f53
                                                                                  0x6d862f59
                                                                                  0x6d862f5a
                                                                                  0x6d862f5b
                                                                                  0x6d862f5c
                                                                                  0x6d862f64
                                                                                  0x6d862f65
                                                                                  0x6d862f70
                                                                                  0x6d862f78
                                                                                  0x6d862f84
                                                                                  0x6d862f92
                                                                                  0x6d862f92
                                                                                  0x6d862f9d
                                                                                  0x6d862fa2
                                                                                  0x6d863004
                                                                                  0x6d863008
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d86300a
                                                                                  0x6d863010
                                                                                  0x6d863012
                                                                                  0x6d863018
                                                                                  0x00000000
                                                                                  0x6d862fa4
                                                                                  0x6d862fa4
                                                                                  0x6d862fa6
                                                                                  0x6d862fa6
                                                                                  0x00000000
                                                                                  0x6d862fa6
                                                                                  0x6d862fab
                                                                                  0x6d862fab
                                                                                  0x6d862fab
                                                                                  0x6d862fab
                                                                                  0x6d862fb1
                                                                                  0x6d862fb1
                                                                                  0x6d862fc1
                                                                                  0x6d862fc7
                                                                                  0x6d862fcf
                                                                                  0x6d863020
                                                                                  0x6d86302a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d86302c
                                                                                  0x6d863034
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d863036
                                                                                  0x6d863039
                                                                                  0x6d863040
                                                                                  0x6d86304a
                                                                                  0x6d863067
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d863067
                                                                                  0x6d862fd1
                                                                                  0x6d862fd7
                                                                                  0x6d862fdc
                                                                                  0x6d862fe4
                                                                                  0x6d862fe6
                                                                                  0x6d863074
                                                                                  0x6d86307a
                                                                                  0x6d863080
                                                                                  0x6d863081
                                                                                  0x6d863087
                                                                                  0x6d863091
                                                                                  0x6d86309f
                                                                                  0x6d86309f
                                                                                  0x6d8630a6
                                                                                  0x6d8630a8
                                                                                  0x6d8630aa
                                                                                  0x6d8630b5
                                                                                  0x6d8630b5
                                                                                  0x6d8630b7
                                                                                  0x6d8630bf
                                                                                  0x6d8630c1
                                                                                  0x6d8630c1
                                                                                  0x00000000
                                                                                  0x6d862dfa
                                                                                  0x6d8082c6
                                                                                  0x6d862ddd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d862de8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d862dee
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlInitUnicodeStringEx.BCCB(?,UseFilter,?,00000000,?), ref: 6D80828D
                                                                                  • ZwQueryValueKey.BCCB(?,?,00000002,?,00000220,?,?,UseFilter,?,00000000,?), ref: 6D8082B4
                                                                                  • RtlInitUnicodeStringEx.BCCB(?,\??\,?,?,00000002,?,00000220,?,?,UseFilter,?,00000000,?), ref: 6D862E36
                                                                                  • RtlPrefixUnicodeString.BCCB(?,?,00000001,?,\??\,?,?,00000002,?,00000220,?,?,UseFilter,?,00000000,?), ref: 6D862E53
                                                                                  • ZwEnumerateKey.BCCB(?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\,?,?,00000002,?,00000220), ref: 6D862E9F
                                                                                  • ZwOpenKey.BCCB(00000000,?,?,?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\,?,?), ref: 6D862F1D
                                                                                  • RtlInitUnicodeStringEx.BCCB(?,FilterFullPath,00000000,?,?,?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\), ref: 6D862F38
                                                                                  • ZwQueryValueKey.BCCB(00000000,?,00000002,?,00000220,?,?,FilterFullPath,00000000,?,?,?,00000000,00000000,?,00000220), ref: 6D862F6B
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,?,00000002,?,00000220,?,?,FilterFullPath,00000000,?,?,?,00000000), ref: 6D862F92
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: StringUnicode$Init$QueryValue$EnumerateFreeHeapOpenPrefix
                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                  • API String ID: 941260810-2779062949
                                                                                  • Opcode ID: afc332f3e53f69f78a738d64b4c552e18aad43ba576e991f554e39aa1271410f
                                                                                  • Instruction ID: 1db2af73bc2d189f1e6c5d29fdc7f35127f9f62b6af5262881d63ef8b51d5c64
                                                                                  • Opcode Fuzzy Hash: afc332f3e53f69f78a738d64b4c552e18aad43ba576e991f554e39aa1271410f
                                                                                  • Instruction Fuzzy Hash: A6A18D3191566A9BDB31DF28CC8CBA9B3B8EF44724F1149E9E908A7250D7359EC4CF60
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8040FD, Relevance: 31.7, APIs: 11, Strings: 7, Instructions: 195nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 60%
                                                                                  			E6D8040FD(void* __ecx) {
				signed int _v8;
				long _v548;
				signed int _v552;
				char _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t53;
				unsigned int _t66;
				void* _t68;
				wchar_t* _t73;
				intOrPtr _t77;
				short* _t85;
				wchar_t* _t98;
				signed int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0x6d8fd360 ^ _t107;
				_v8 =  *0x6d8fd360 ^ _t107;
				_t105 = __ecx;
				if( *0x6d8f84d4 == 0) {
					L5:
					return E6D84B640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E6D81E9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v552 = _t85;
					if(E6D8042EB(_t105) != 0) {
						L15:
						_t103 = 2;
						_v552 = _t103;
						L10:
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E6D8041EA(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
						}
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v552 = _t102;
						}
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v552);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E6D8496C0();
						}
						goto L4;
					}
					_v556 = _t85;
					_t102 =  &_v556;
					if(E6D80429E(_t105 + 0x2c, _t102) >= 0) {
						if(_v556 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E6D895720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
						_v560 = 0x214;
						memset( &_v548, 0, 0x214);
						_t106 =  *0x6d8f84d4;
						_t110 = _t108 + 0x20;
						 *0x6d8fb1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						if( *( *0x6d8f84d4)() == 0) {
							goto L8;
						}
						_t66 = _v560;
						if(_t66 == 0 || _t66 >= 0x214) {
							goto L8;
						} else {
							_t68 = (_t66 >> 1) * 2 - 2;
							if(_t68 >= 0x214) {
								E6D84B75A();
								goto L33;
							}
							_push(_t85);
							 *((short*)(_t107 + _t68 - 0x220)) = 0;
							E6D895720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
							_t111 = _t110 + 0x14;
							_t73 = wcsstr( &_v548, L"Execute=1");
							_push(_t85);
							if(_t73 == 0) {
								E6D895720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
								_t106 =  &_v548;
								_t98 = _t106;
								_t112 = _t111 + 0x14;
								_t77 = _t98 + _v560;
								_v556 = _t77;
								if(_t98 >= _t77) {
									goto L8;
								} else {
									goto L27;
								}
								do {
									L27:
									_t85 = wcschr(_t106, 0x20);
									if(_t85 != 0) {
										 *_t85 = 0;
									}
									E6D895720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
									_t112 = _t112 + 0x10;
									E6D883E13(_t105, _t106);
									if(_t85 == 0) {
										goto L8;
									}
									_t41 = _t85 + 2; // 0x2
									_t106 = _t41;
								} while (_t106 < _v556);
								goto L8;
							}
							_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
							_push(3);
							_push(0x55);
							E6D895720();
							goto L15;
						}
					}
					L8:
					if(E6D8041F7(_t105) != 0) {
						goto L15;
					}
					_t103 = _v552;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}




























                                                                                  0x6d80410d
                                                                                  0x6d80410f
                                                                                  0x6d80411c
                                                                                  0x6d80411e
                                                                                  0x6d804158
                                                                                  0x6d804168
                                                                                  0x6d804168
                                                                                  0x6d804126
                                                                                  0x6d804130
                                                                                  0x6d80413c
                                                                                  0x6d8604a2
                                                                                  0x6d804142
                                                                                  0x6d80414b
                                                                                  0x6d80414b
                                                                                  0x6d80414f
                                                                                  0x6d80416b
                                                                                  0x6d804178
                                                                                  0x6d8041d0
                                                                                  0x6d8041d2
                                                                                  0x6d8041d3
                                                                                  0x6d8041a7
                                                                                  0x6d8041b0
                                                                                  0x6d8041db
                                                                                  0x6d8041b2
                                                                                  0x6d8041b8
                                                                                  0x6d8041bf
                                                                                  0x6d8041c1
                                                                                  0x6d8041c1
                                                                                  0x6d8041c5
                                                                                  0x6d8041df
                                                                                  0x6d8041e2
                                                                                  0x6d8041e2
                                                                                  0x6d8041c9
                                                                                  0x6d860628
                                                                                  0x6d860628
                                                                                  0x6d860630
                                                                                  0x6d860631
                                                                                  0x6d860633
                                                                                  0x6d860635
                                                                                  0x6d860635
                                                                                  0x00000000
                                                                                  0x6d8041c9
                                                                                  0x6d80417d
                                                                                  0x6d804183
                                                                                  0x6d804190
                                                                                  0x6d8604af
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8604b5
                                                                                  0x6d8604c8
                                                                                  0x6d8604d5
                                                                                  0x6d8604e5
                                                                                  0x6d8604ea
                                                                                  0x6d8604f6
                                                                                  0x6d860518
                                                                                  0x6d860522
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d860528
                                                                                  0x6d860530
                                                                                  0x00000000
                                                                                  0x6d860543
                                                                                  0x6d860545
                                                                                  0x6d86054e
                                                                                  0x6d860623
                                                                                  0x00000000
                                                                                  0x6d860623
                                                                                  0x6d860556
                                                                                  0x6d860557
                                                                                  0x6d86056f
                                                                                  0x6d860574
                                                                                  0x6d860583
                                                                                  0x6d86058a
                                                                                  0x6d86058d
                                                                                  0x6d8605b5
                                                                                  0x6d8605c0
                                                                                  0x6d8605c6
                                                                                  0x6d8605c8
                                                                                  0x6d8605cb
                                                                                  0x6d8605cd
                                                                                  0x6d8605d5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8605db
                                                                                  0x6d8605db
                                                                                  0x6d8605e3
                                                                                  0x6d8605e9
                                                                                  0x6d8605ed
                                                                                  0x6d8605ed
                                                                                  0x6d8605fa
                                                                                  0x6d8605ff
                                                                                  0x6d860606
                                                                                  0x6d86060d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d860613
                                                                                  0x6d860613
                                                                                  0x6d860616
                                                                                  0x00000000
                                                                                  0x6d86061e
                                                                                  0x6d86058f
                                                                                  0x6d860594
                                                                                  0x6d860596
                                                                                  0x6d860598
                                                                                  0x00000000
                                                                                  0x6d86059d
                                                                                  0x6d860530
                                                                                  0x6d804196
                                                                                  0x6d80419f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8041a1
                                                                                  0x00000000
                                                                                  0x6d804151
                                                                                  0x6d804151
                                                                                  0x6d804151
                                                                                  0x00000000
                                                                                  0x6d804151

                                                                                  APIs
                                                                                  • RtlImageNtHeaderEx.BCCB(00000003,?,00000000,00000000,?), ref: 6D804130
                                                                                  • ZwSetInformationProcess.BCCB(000000FF,00000022,?,00000004,00000003,?,00000000,00000000,?), ref: 6D860635
                                                                                  Strings
                                                                                  • Execute=1, xrefs: 6D86057D
                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 6D8604BF
                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 6D8605F1
                                                                                  • ExecuteOptions, xrefs: 6D86050A
                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 6D86058F
                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 6D860566
                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 6D8605AC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: HeaderImageInformationProcess
                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                  • API String ID: 4034523672-484625025
                                                                                  • Opcode ID: da6c0d04d9b4d7520dccd6cd42dc2785ff729a0a1a407ac503f555d8e2290f35
                                                                                  • Instruction ID: 5b2a30433b8d3c2c69187efceeb68aec7ebe8b9c9ba05a50f1853885c448d363
                                                                                  • Opcode Fuzzy Hash: da6c0d04d9b4d7520dccd6cd42dc2785ff729a0a1a407ac503f555d8e2290f35
                                                                                  • Instruction Fuzzy Hash: DB613871644219BAEB109A9DDC8DFBA77B8EFAC315F000899E614A7181EB309E418B64
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8BCF70, Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 171nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 76%
                                                                                  			E6D8BCF70(void* __ecx, intOrPtr _a4, intOrPtr _a8, unsigned int* _a12) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _v36;
				char _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				intOrPtr _v76;
				intOrPtr _t61;
				char _t92;
				unsigned int* _t94;
				void* _t104;
				char _t105;
				unsigned int _t107;
				intOrPtr _t109;

				_v44 = 7;
				_t92 = 0;
				_t96 = 0x2000000;
				_v40 = 0;
				_v52 = 0;
				_v48 = 0;
				_t109 = L6D80F108(0, __ecx, __ecx,  &_v40);
				if(_t109 >= 0) {
					if(_a4 != 1) {
						RtlInitUnicodeString( &_v36, L"Control Panel\\Desktop\\MuiCached");
						_v32 = _v48;
						_t104 = 0x18;
						_v28 =  &_v44;
						_push( &_v36);
						_push(0x20019);
						_v60 = 0;
						_push( &_v60);
						_v36 = _t104;
						_v24 = 0x40;
						_v20 = 0;
						_v16 = 0;
						_t109 = E6D849600();
						if(_t109 < 0) {
							L5:
							if(_t109 == 0x80000005) {
								goto L9;
							} else {
								_push(_v60);
								E6D8495D0();
								_v64 = _t92;
								RtlInitUnicodeString( &_v48, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\MUI\\Settings");
								_v48 = _t104;
								_v44 = _t92;
								goto L7;
							}
						} else {
							RtlInitUnicodeString( &_v44, L"MachinePreferredUILanguages");
							_push(0x2000000);
							_t96 = _v68;
							_t109 = E6D80F018(_t96,  &_v52,  &_v60, 0,  &_v64);
							if(_t109 >= 0) {
								goto L9;
							} else {
								goto L5;
							}
						}
					} else {
						RtlInitUnicodeString( &_v36, L"Control Panel\\Desktop");
						_v36 = 0x18;
						_v32 = _v48;
						L7:
						_v68 = _t92;
						_v36 =  &_v52;
						_push( &_v44);
						_push(0x20019);
						_v32 = 0x40;
						_push( &_v68);
						_v28 = _t92;
						_v24 = _t92;
						_t109 = E6D849600();
						if(_t109 >= 0) {
							RtlInitUnicodeString( &_v52, L"PreferredUILanguages");
							_push(_t96);
							_t96 = _v76;
							_t109 = E6D80F018(_t96,  &_v60,  &_v68, _t92,  &_v72);
							L9:
							if(_t109 != 0xc0000034) {
								_t105 = _v56;
								if(_t105 != 0) {
									if(_t109 != 0x80000005) {
										_t109 = 0xc0000034;
									} else {
										_t107 = _t105 + 1 >> 1;
										if(_a8 != _t92) {
											_t94 = _a12;
											if( *_t94 >= _t107) {
												_push(_t96);
												_t109 = E6D80F018(_v60,  &_v44,  &_v52, _a8,  &_v56);
												if(_t109 < 0) {
													goto L17;
												} else {
													if(_v56 == 7) {
														goto L16;
													} else {
														_t109 = 0xc0000034;
														goto L17;
													}
												}
												L29:
											} else {
												_t109 = 0xc0000023;
												L16:
												 *_t94 = _t107;
											}
											L17:
											_t92 = 0;
										} else {
											_t109 = _t92;
											 *_a12 = _t107;
										}
									}
								}
							}
						}
					}
				}
				_t61 = _v40;
				if(_t61 != 0) {
					if(_t61 != 0xffffffff) {
						 *0x6d7e6cc4(_t61);
					}
					_v40 = _t92;
				}
				if(_v52 != 0) {
					_push(_v52);
					E6D8495D0();
				}
				return _t109;
				goto L29;
			}


























                                                                                  0x6d8bcf82
                                                                                  0x6d8bcf8c
                                                                                  0x6d8bcf91
                                                                                  0x6d8bcf96
                                                                                  0x6d8bcf9a
                                                                                  0x6d8bcf9e
                                                                                  0x6d8bcfa7
                                                                                  0x6d8bcfab
                                                                                  0x6d8bcfb9
                                                                                  0x6d8bcfe1
                                                                                  0x6d8bcfea
                                                                                  0x6d8bcff4
                                                                                  0x6d8bcff5
                                                                                  0x6d8bcffd
                                                                                  0x6d8bcffe
                                                                                  0x6d8bd007
                                                                                  0x6d8bd00b
                                                                                  0x6d8bd00c
                                                                                  0x6d8bd010
                                                                                  0x6d8bd018
                                                                                  0x6d8bd01c
                                                                                  0x6d8bd025
                                                                                  0x6d8bd029
                                                                                  0x6d8bd05d
                                                                                  0x6d8bd063
                                                                                  0x00000000
                                                                                  0x6d8bd069
                                                                                  0x6d8bd069
                                                                                  0x6d8bd06d
                                                                                  0x6d8bd07b
                                                                                  0x6d8bd080
                                                                                  0x6d8bd085
                                                                                  0x6d8bd089
                                                                                  0x00000000
                                                                                  0x6d8bd089
                                                                                  0x6d8bd02b
                                                                                  0x6d8bd035
                                                                                  0x6d8bd03a
                                                                                  0x6d8bd03b
                                                                                  0x6d8bd053
                                                                                  0x6d8bd057
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8bd057
                                                                                  0x6d8bcfbb
                                                                                  0x6d8bcfc1
                                                                                  0x6d8bcfca
                                                                                  0x6d8bcfd2
                                                                                  0x6d8bd08d
                                                                                  0x6d8bd091
                                                                                  0x6d8bd095
                                                                                  0x6d8bd09d
                                                                                  0x6d8bd09e
                                                                                  0x6d8bd0a7
                                                                                  0x6d8bd0af
                                                                                  0x6d8bd0b0
                                                                                  0x6d8bd0b4
                                                                                  0x6d8bd0bd
                                                                                  0x6d8bd0c1
                                                                                  0x6d8bd0cd
                                                                                  0x6d8bd0d2
                                                                                  0x6d8bd0d3
                                                                                  0x6d8bd0eb
                                                                                  0x6d8bd0ed
                                                                                  0x6d8bd0f4
                                                                                  0x6d8bd0f6
                                                                                  0x6d8bd0fc
                                                                                  0x6d8bd104
                                                                                  0x6d8bd18d
                                                                                  0x6d8bd10a
                                                                                  0x6d8bd10b
                                                                                  0x6d8bd110
                                                                                  0x6d8bd11b
                                                                                  0x6d8bd120
                                                                                  0x6d8bd15e
                                                                                  0x6d8bd179
                                                                                  0x6d8bd17d
                                                                                  0x00000000
                                                                                  0x6d8bd17f
                                                                                  0x6d8bd184
                                                                                  0x00000000
                                                                                  0x6d8bd186
                                                                                  0x6d8bd186
                                                                                  0x00000000
                                                                                  0x6d8bd186
                                                                                  0x6d8bd184
                                                                                  0x00000000
                                                                                  0x6d8bd122
                                                                                  0x6d8bd122
                                                                                  0x6d8bd127
                                                                                  0x6d8bd127
                                                                                  0x6d8bd127
                                                                                  0x6d8bd129
                                                                                  0x6d8bd129
                                                                                  0x6d8bd112
                                                                                  0x6d8bd115
                                                                                  0x6d8bd117
                                                                                  0x6d8bd117
                                                                                  0x6d8bd110
                                                                                  0x6d8bd104
                                                                                  0x6d8bd0fc
                                                                                  0x6d8bd0f4
                                                                                  0x6d8bd0c1
                                                                                  0x6d8bcfb9
                                                                                  0x6d8bd12b
                                                                                  0x6d8bd131
                                                                                  0x6d8bd136
                                                                                  0x6d8bd139
                                                                                  0x6d8bd139
                                                                                  0x6d8bd13f
                                                                                  0x6d8bd13f
                                                                                  0x6d8bd148
                                                                                  0x6d8bd14a
                                                                                  0x6d8bd14e
                                                                                  0x6d8bd14e
                                                                                  0x6d8bd15b
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlInitUnicodeString.BCCB(?,Control Panel\Desktop,?,?,?), ref: 6D8BCFC1
                                                                                  • RtlInitUnicodeString.BCCB(?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6D8BCFE1
                                                                                  • ZwOpenKey.BCCB(?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6D8BD020
                                                                                  • RtlInitUnicodeString.BCCB(?,MachinePreferredUILanguages,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6D8BD035
                                                                                  • ZwClose.BCCB(?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6D8BD06D
                                                                                  • RtlInitUnicodeString.BCCB(?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6D8BD080
                                                                                  • ZwOpenKey.BCCB(00000007,00020019,?,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6D8BD0B8
                                                                                  • RtlInitUnicodeString.BCCB(?,PreferredUILanguages,00000007,00020019,?,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached), ref: 6D8BD0CD
                                                                                  • ZwClose.BCCB(?,?,?,?), ref: 6D8BD139
                                                                                  • ZwClose.BCCB(00000000,?,?,?), ref: 6D8BD14E
                                                                                  Strings
                                                                                  • @, xrefs: 6D8BD0A7
                                                                                  • Control Panel\Desktop, xrefs: 6D8BCFBB
                                                                                  • Control Panel\Desktop\MuiCached, xrefs: 6D8BCFDB
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 6D8BD072
                                                                                  • @, xrefs: 6D8BD010
                                                                                  • MachinePreferredUILanguages, xrefs: 6D8BD02B
                                                                                  • PreferredUILanguages, xrefs: 6D8BD0C3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitStringUnicode$Close$Open
                                                                                  • String ID: @$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                  • API String ID: 3920864254-2289709611
                                                                                  • Opcode ID: cc04a6eae18170c4e6c119bd85dd167cad910e020c01ac3f49f9dbe953fe07db
                                                                                  • Instruction ID: 642f42ce04c058f87c2929a861096b243987a2957b45dec5be30edb75c9561ca
                                                                                  • Opcode Fuzzy Hash: cc04a6eae18170c4e6c119bd85dd167cad910e020c01ac3f49f9dbe953fe07db
                                                                                  • Instruction Fuzzy Hash: 2D513071808706AFC311DF19C88495FF7E8BBC9658F019E2EF595A7250D730DA058B92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8065A0, Relevance: 28.2, APIs: 9, Strings: 7, Instructions: 157nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 65%
                                                                                  			E6D8065A0(intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
				signed int _v8;
				void* _v28;
				signed int _v300;
				intOrPtr _v304;
				signed int _v308;
				intOrPtr _v312;
				intOrPtr _v316;
				intOrPtr _v320;
				void _v324;
				intOrPtr* _v328;
				void _v332;
				int _v336;
				void* _v340;
				char _v344;
				void* _v348;
				char _v352;
				char _v356;
				char _v360;
				char _v364;
				void* _v368;
				void* _v372;
				void* _v388;
				void* __ebx;
				void* __edi;
				void* __esi;
				void _t75;
				intOrPtr* _t110;
				void* _t111;
				signed int _t112;
				signed int _t118;
				void* _t132;
				void* _t135;
				intOrPtr* _t137;
				void* _t142;
				signed int _t143;
				signed int _t145;

				_t145 = (_t143 & 0xfffffff8) - 0x15c;
				_v8 =  *0x6d8fd360 ^ _t145;
				_t75 = _a4;
				_t124 = 0;
				_v332 = _t75;
				_t110 = _a12;
				_t137 = _a8;
				_v328 = _t137;
				if(_t75 != 0) {
					_push("true");
					_pop(_t112);
					_v340 = 0;
					_v336 = 0;
					memset( &_v324, 0, _t112 << 2);
					_t145 = _t145 + 0xc;
					_v344 = 0;
					_v348 = 0;
					_t132 = 0;
					RtlInitUnicodeString( &_v340, L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion");
					_v332 = 0x18;
					_v324 =  &_v348;
					_v328 = 0;
					_push( &_v332);
					_push(0x20119);
					_v320 = 0x40;
					_push( &_v352);
					_v316 = 0;
					_v312 = 0;
					if(E6D849600() >= 0) {
						if(E6D8066D4(_v352, L"UBR",  &_v356) >= 0) {
							_t132 = _v356;
						}
						_push(_v352);
						E6D8495D0();
					}
					_v308 = 0x11c;
					E6D834020( &_v308);
					_t89 = _v344;
					asm("adc esi, edx");
					asm("adc esi, 0x0");
					 *_t89 = 0 + _v300 * 0x10000 + _t132;
					 *((intOrPtr*)(_t89 + 4)) = _v308 * 0x10000 + _v304;
					_t124 = 0;
					_t137 = _v340;
				}
				if(_t137 != 0) {
					_v348 = _t124;
					_v344 = _t124;
					_v356 = 3;
					RtlInitUnicodeString( &_v348, L"Kernel-OneCore-DeviceFamilyID");
					_push( &_v344);
					_push(4);
					_push( &_v364);
					_push( &_v348);
					_push( &_v356);
					E6D84A9B0();
					_t89 =  *((intOrPtr*)(_t145 + 0x10));
					 *_t137 =  *((intOrPtr*)(_t145 + 0x10));
				}
				if(_t110 != 0) {
					_t118 = 6;
					memset( &_v332, 0, _t118 << 2);
					_t145 = _t145 + 0xc;
					_v348 = 0;
					_v344 = 0;
					_v352 = 0;
					_v356 = 0;
					 *_t110 = 0;
					RtlInitUnicodeString( &_v348, L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM");
					_v340 = 0x18;
					_v332 =  &_v356;
					_push( &_v340);
					_push(0x20119);
					_v336 = 0;
					_push( &_v360);
					_v328 = 0x40;
					_v324 = 0;
					_v320 = 0;
					if(E6D849600() >= 0) {
						_t124 = L"DeviceForm";
						if(E6D8066D4(_v360, L"DeviceForm",  &_v364) >= 0) {
							 *_t110 = _v364;
						}
						_push(_v360);
						_t89 = E6D8495D0();
					}
				}
				_pop(_t135);
				_pop(_t142);
				_pop(_t111);
				return E6D84B640(_t89, _t111,  *(_t145 + 0x164) ^ _t145, _t124, _t135, _t142);
			}







































                                                                                  0x6d8065a8
                                                                                  0x6d8065b5
                                                                                  0x6d8065bc
                                                                                  0x6d8065bf
                                                                                  0x6d8065c1
                                                                                  0x6d8065c6
                                                                                  0x6d8065ca
                                                                                  0x6d8065cd
                                                                                  0x6d8065d4
                                                                                  0x6d8619a6
                                                                                  0x6d8619a8
                                                                                  0x6d8619ab
                                                                                  0x6d8619b3
                                                                                  0x6d8619b7
                                                                                  0x6d8619b7
                                                                                  0x6d8619c2
                                                                                  0x6d8619c7
                                                                                  0x6d8619cb
                                                                                  0x6d8619cd
                                                                                  0x6d8619d6
                                                                                  0x6d8619de
                                                                                  0x6d8619e8
                                                                                  0x6d8619ec
                                                                                  0x6d8619ed
                                                                                  0x6d8619f6
                                                                                  0x6d8619fe
                                                                                  0x6d8619ff
                                                                                  0x6d861a03
                                                                                  0x6d861a0e
                                                                                  0x6d861a25
                                                                                  0x6d861a27
                                                                                  0x6d861a27
                                                                                  0x6d861a2b
                                                                                  0x6d861a2f
                                                                                  0x6d861a2f
                                                                                  0x6d861a38
                                                                                  0x6d861a41
                                                                                  0x6d861a66
                                                                                  0x6d861a6a
                                                                                  0x6d861a6e
                                                                                  0x6d861a71
                                                                                  0x6d861a73
                                                                                  0x6d861a76
                                                                                  0x6d861a78
                                                                                  0x6d861a78
                                                                                  0x6d8065dc
                                                                                  0x6d8065e7
                                                                                  0x6d8065ec
                                                                                  0x6d8065f0
                                                                                  0x6d8065f8
                                                                                  0x6d806601
                                                                                  0x6d806602
                                                                                  0x6d806608
                                                                                  0x6d80660d
                                                                                  0x6d806612
                                                                                  0x6d806613
                                                                                  0x6d806618
                                                                                  0x6d80661c
                                                                                  0x6d80661c
                                                                                  0x6d806620
                                                                                  0x6d80663b
                                                                                  0x6d806644
                                                                                  0x6d806644
                                                                                  0x6d80664f
                                                                                  0x6d806654
                                                                                  0x6d806658
                                                                                  0x6d80665c
                                                                                  0x6d806660
                                                                                  0x6d806662
                                                                                  0x6d80666b
                                                                                  0x6d806673
                                                                                  0x6d80667b
                                                                                  0x6d80667c
                                                                                  0x6d806685
                                                                                  0x6d806689
                                                                                  0x6d80668a
                                                                                  0x6d806692
                                                                                  0x6d806696
                                                                                  0x6d8066a1
                                                                                  0x6d8066b0
                                                                                  0x6d8066bc
                                                                                  0x6d8066d0
                                                                                  0x6d8066d0
                                                                                  0x6d8066be
                                                                                  0x6d8066c2
                                                                                  0x6d8066c2
                                                                                  0x6d8066a1
                                                                                  0x6d806629
                                                                                  0x6d80662a
                                                                                  0x6d80662b
                                                                                  0x6d806636

                                                                                  APIs
                                                                                  • RtlInitUnicodeString.BCCB ref: 6D8065F8
                                                                                  • ZwQueryLicenseValue.BCCB(?,?,00000003,00000004,?), ref: 6D806613
                                                                                  • RtlInitUnicodeString.BCCB(?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\OEM), ref: 6D806662
                                                                                  • ZwClose.BCCB(?,?,?,?,?,?,00020119,00000018), ref: 6D8066C2
                                                                                  • ZwOpenKey.BCCB(?,?,?,?,00020119,00000018), ref: 6D80669A
                                                                                    • Part of subcall function 6D849600: LdrInitializeThunk.NTDLL(6D80ED52,?,?,?,?,00020019,00000018,?,?,?,?,\Registry\Machine\Software\Policies\Microsoft\MUI\Settings,00000000), ref: 6D84960A
                                                                                  • RtlInitUnicodeString.BCCB(?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6D8619CD
                                                                                  • ZwOpenKey.BCCB(?,?,?,?,00020119,00000018), ref: 6D861A07
                                                                                  • ZwClose.BCCB(?,?,?,?,?,?,00020119,00000018), ref: 6D861A2F
                                                                                  • RtlGetVersion.BCCB(?,?,?,?,?,00020119,00000018), ref: 6D861A41
                                                                                  Strings
                                                                                  • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion, xrefs: 6D8619B9
                                                                                  • @, xrefs: 6D80668A
                                                                                  • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\OEM, xrefs: 6D806646
                                                                                  • @, xrefs: 6D8619F6
                                                                                  • DeviceForm, xrefs: 6D8066B0
                                                                                  • Kernel-OneCore-DeviceFamilyID, xrefs: 6D8065DE
                                                                                  • UBR, xrefs: 6D861A19
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitStringUnicode$CloseOpen$InitializeLicenseQueryThunkValueVersion
                                                                                  • String ID: @$@$DeviceForm$Kernel-OneCore-DeviceFamilyID$UBR$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\OEM
                                                                                  • API String ID: 2689724482-2811273990
                                                                                  • Opcode ID: 1dfdb08c4cea592baa01e463a7b3d84b4097ba62d18ca5f58bf6db06241a2b94
                                                                                  • Instruction ID: 64ddc4a3994d7206a963b97e54bcb3760434f222e1041728568a8fc0c5a6b17e
                                                                                  • Opcode Fuzzy Hash: 1dfdb08c4cea592baa01e463a7b3d84b4097ba62d18ca5f58bf6db06241a2b94
                                                                                  • Instruction Fuzzy Hash: 675129B15083159FC310CF19C985A5BBBE8BFC8758F018D2EFA98D7251E731DA498B92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D82A229, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 183nativememoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 69%
                                                                                  			E6D82A229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E6D82DF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E6D849730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E6D8CA80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E6D849660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E6D80B150();
					} else {
						E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E6D80B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E6D827D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E6D8C138A(_t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E6D827D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E6D827D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E6D8C1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E6D827D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E6D827D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E6D8C1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E6D85D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                                                                  0x6d82a229
                                                                                  0x6d82a231
                                                                                  0x6d82a23f
                                                                                  0x6d82a242
                                                                                  0x6d82a244
                                                                                  0x6d82a24c
                                                                                  0x6d82a255
                                                                                  0x6d82a25a
                                                                                  0x6d82a25f
                                                                                  0x6d871c76
                                                                                  0x6d871c78
                                                                                  0x6d871c7e
                                                                                  0x6d871c7f
                                                                                  0x6d871c81
                                                                                  0x6d871c82
                                                                                  0x6d871c84
                                                                                  0x6d871c89
                                                                                  0x6d871c8b
                                                                                  0x6d871c9e
                                                                                  0x6d871c9e
                                                                                  0x6d871cab
                                                                                  0x6d871cb2
                                                                                  0x00000000
                                                                                  0x6d871cb2
                                                                                  0x6d871c8d
                                                                                  0x6d871c92
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d871c94
                                                                                  0x6d871c98
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d871c98
                                                                                  0x6d82a265
                                                                                  0x6d82a265
                                                                                  0x6d82a266
                                                                                  0x6d82a26f
                                                                                  0x6d82a270
                                                                                  0x6d82a276
                                                                                  0x6d82a277
                                                                                  0x6d82a279
                                                                                  0x6d82a27e
                                                                                  0x6d82a282
                                                                                  0x6d871db5
                                                                                  0x6d871dbb
                                                                                  0x6d871dc1
                                                                                  0x6d871dc5
                                                                                  0x6d871de4
                                                                                  0x6d871de9
                                                                                  0x6d871dc7
                                                                                  0x6d871ddc
                                                                                  0x6d871de1
                                                                                  0x6d871def
                                                                                  0x6d871df3
                                                                                  0x6d871df7
                                                                                  0x6d871dfe
                                                                                  0x6d871e06
                                                                                  0x6d82a302
                                                                                  0x6d82a308
                                                                                  0x6d82a308
                                                                                  0x6d82a288
                                                                                  0x6d82a28d
                                                                                  0x6d82a294
                                                                                  0x6d871cc1
                                                                                  0x6d82a29a
                                                                                  0x6d82a29a
                                                                                  0x6d82a29a
                                                                                  0x6d82a29f
                                                                                  0x6d871ccb
                                                                                  0x6d871cd1
                                                                                  0x6d871cd8
                                                                                  0x6d871cea
                                                                                  0x6d871cea
                                                                                  0x6d871cd8
                                                                                  0x6d82a2a9
                                                                                  0x6d82a2af
                                                                                  0x6d82a2bc
                                                                                  0x6d871cfd
                                                                                  0x6d82a2c2
                                                                                  0x6d82a2c2
                                                                                  0x6d82a2c2
                                                                                  0x6d82a2c7
                                                                                  0x6d871d07
                                                                                  0x6d871d0d
                                                                                  0x6d871d14
                                                                                  0x6d871d1f
                                                                                  0x6d871d21
                                                                                  0x6d871d2c
                                                                                  0x6d871d2c
                                                                                  0x6d871d2c
                                                                                  0x6d871d47
                                                                                  0x6d871d47
                                                                                  0x6d871d14
                                                                                  0x6d82a2cd
                                                                                  0x6d82a2d2
                                                                                  0x6d82a2d9
                                                                                  0x6d871d5a
                                                                                  0x6d82a2df
                                                                                  0x6d82a2df
                                                                                  0x6d82a2df
                                                                                  0x6d82a2e4
                                                                                  0x6d871d69
                                                                                  0x6d871d6b
                                                                                  0x6d871d76
                                                                                  0x6d871d76
                                                                                  0x6d871d76
                                                                                  0x6d871d91
                                                                                  0x6d871d91
                                                                                  0x6d82a2ea
                                                                                  0x6d82a2f0
                                                                                  0x6d82a2f5
                                                                                  0x6d871da8
                                                                                  0x6d871dad
                                                                                  0x6d871dad
                                                                                  0x6d82a2fd
                                                                                  0x6d82a300
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • ZwAllocateVirtualMemory.BCCB(000000FF,00000014,00000000,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6D82A279
                                                                                    • Part of subcall function 6D849660: LdrInitializeThunk.NTDLL(6D8918BF,000000FF,00000000,00000000,0000000C,00001000,00000004,6D8E0810,0000001C,6D891616), ref: 6D84966A
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(000000FF,00000014,00000000,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6D82A288
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6D82A2B5
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6D82A2CD
                                                                                  • ZwQueryVirtualMemory.BCCB(000000FF,?,00000003,00000014,00000014,00000000,?,?,?,-00000018,?,?,?,?,6D8C4C8F), ref: 6D871C84
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C), ref: 6D871DDC
                                                                                  • DbgPrint.BCCB(ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix),00000000,?,?,?), ref: 6D871DFE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentServiceSession$MemoryPrintVirtual$AllocateInitializeQueryThunk
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                  • API String ID: 1108326835-2586055223
                                                                                  • Opcode ID: bc707490ab5b0da9b66a4a98cee10e2951e9c2de340f8a35aa51e8158a86d109
                                                                                  • Instruction ID: 195ad0269aa699908b5fcc12b01b1f11ff144b6c439c294bc6b5174bf9af8b52
                                                                                  • Opcode Fuzzy Hash: bc707490ab5b0da9b66a4a98cee10e2951e9c2de340f8a35aa51e8158a86d109
                                                                                  • Instruction Fuzzy Hash: BA5102312596819FD322CB68CC5CF2A7BF8FF80B54F054C68FA648B691D724D944CBA2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D80F51D, Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 185librarymemorytimeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 77%
                                                                                  			E6D80F51D(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v12;
				intOrPtr* _v16;
				void* _v20;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				void* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t54;
				intOrPtr _t63;
				intOrPtr _t76;
				signed int _t77;
				signed int _t86;
				void* _t88;
				signed int _t89;
				void* _t90;
				intOrPtr* _t91;
				intOrPtr _t92;
				intOrPtr* _t93;
				void* _t94;
				void* _t95;
				signed int _t101;
				intOrPtr* _t107;
				void* _t108;
				intOrPtr* _t109;
				void* _t110;
				intOrPtr* _t111;
				void* _t112;
				void* _t113;
				intOrPtr* _t115;
				void* _t116;
				signed int _t117;
				signed int _t118;
				signed int _t120;

				_t106 = __edx;
				_t93 = __ecx;
				_t120 = (_t118 & 0xfffffff8) - 0x14;
				_v8 =  *0x6d8fd360 ^ _t120;
				_t115 = __ecx;
				_v24 =  *[fs:0x30];
				_t88 = 0;
				_v16 = __ecx;
				_push(_t108);
				if( *((intOrPtr*)(__ecx + 0x20)) == 0xfffffffc) {
					L3:
					 *(_t115 + 0x20) =  *(_t115 + 0x20) | 0xffffffff;
					E6D810225(_t88, _t93, _t108, _t115,  *(_t115 + 0x20));
					L4:
					if( *0x6d8f8472 != _t88) {
						_t106 =  *0x7ffe0330;
						_t89 =  *0x6d8fb210; // 0x0
						_t94 = 0x20;
						_t93 = _t94 - (_t106 & 0x0000001f);
						asm("ror ebx, cl");
						_t88 = _t89 ^ _t106;
					}
					L6D81EEF0(0x6d8f52d8);
					_t54 =  *_t115;
					while(1) {
						_v20 = _t54;
						if(_t54 == _t115) {
							break;
						}
						_t22 = _t54 - 0x54; // -84
						_t109 = _t22;
						__eflags =  *(_t109 + 0x34) & 0x00000008;
						if(( *(_t109 + 0x34) & 0x00000008) != 0) {
							_push(_t93);
							_t106 = 2;
							E6D818B80(_t109, _t106);
							__eflags = _t88;
							if(_t88 != 0) {
								 *0x6d8fb1e0(_t109);
								 *_t88();
							}
							_t93 = _t109;
							E6D818800(_t93, 1);
							_t63 = _v32;
							__eflags =  *(_t63 + 0x68) & 0x00000100;
							if(( *(_t63 + 0x68) & 0x00000100) != 0) {
								_t93 = _t109;
								E6D88EA20(_t93);
							}
						}
						__eflags =  *0x6d8f5780 & 0x00000005;
						if(__eflags != 0) {
							_t46 = _t109 + 0x24; // -48
							E6D885510("minkernel\\ntdll\\ldrsnap.c", 0xc5e, "LdrpUnloadNode", 2, "Unmapping DLL \"%wZ\"\n", _t46);
							_t120 = _t120 + 0x18;
						}
						_push(0);
						_push( *((intOrPtr*)(_t109 + 0x18)));
						E6D810100(_t88, _t93, _t109, _t115, __eflags);
						_t54 =  *_v28;
					}
					_t65 = E6D81EB70(_t93, 0x6d8f52d8);
					while(1) {
						L8:
						_t95 =  *(_t115 + 0x18);
						if(_t95 == 0) {
							break;
						}
						_t110 =  *_t95;
						__eflags = _t110 - _t95;
						if(_t110 != _t95) {
							_t65 =  *_t110;
							 *_t95 =  *_t110;
						} else {
							_t34 = _t115 + 0x18;
							 *_t34 =  *(_t115 + 0x18) & 0x00000000;
							__eflags =  *_t34;
						}
						__eflags = _t110;
						if(_t110 == 0) {
							break;
						} else {
							E6D822280(_t65, 0x6d8f84d8);
							_t92 =  *((intOrPtr*)(_t110 + 4));
							_t37 = _t110 + 8; // -76
							_t107 = _t37;
							_t101 =  *(_t92 + 0x1c);
							_t76 =  *_t101;
							_v28 = _t76;
							__eflags = _t76 - _t107;
							if(_t76 != _t107) {
								_t117 = _v24;
								do {
									_t77 =  *_t117;
									_t101 = _t117;
									_t117 = _t77;
									__eflags = _t77 - _t107;
								} while (_t77 != _t107);
								_t115 = _v16;
							}
							 *_t101 =  *_t107;
							__eflags =  *(_t92 + 0x1c) - _t107;
							if(__eflags == 0) {
								asm("sbb eax, eax");
								_t86 =  ~(_t101 - _t107) & _t101;
								__eflags = _t86;
								 *(_t92 + 0x1c) = _t86;
							}
							_t106 = 0;
							_push( &_v12);
							E6D81093F(_t92, _t92, 0, _t110, _t115, __eflags);
							E6D81FFB0(_t92, _t110, 0x6d8f84d8);
							__eflags = _v20;
							if(_v20 != 0) {
								E6D80F51D(_t92, 0);
							}
							_t65 = RtlFreeHeap( *0x6d8f7b98, 0, _t110);
							continue;
						}
					}
					_t111 =  *_t115;
					 *(_t115 + 0x20) = 0xfffffffe;
					if(_t111 == _t115) {
						L14:
						_pop(_t112);
						_pop(_t116);
						_pop(_t90);
						return E6D84B640(_t65, _t90, _v8 ^ _t120, _t106, _t112, _t116);
					} else {
						goto L10;
					}
					do {
						L10:
						_t91 =  *_t111;
						_t113 = _t111 + 0xffffffac;
						 *(_t113 + 0x34) =  *(_t113 + 0x34) | 0x00000002;
						E6D822280(_t65, 0x6d8f84d8);
						E6D81008A(_t113, _t115);
						if(( *(_t113 + 0x34) & 0x00000080) != 0) {
							_t17 = _t113 + 0x74; // -140
							L6D80F900(0x6d8f85fc, _t17);
							_t18 = _t113 + 0x68; // -152
							L6D80F900(0x6d8f85f4, _t18);
							 *(_t113 + 0x20) =  *(_t113 + 0x20) & 0x00000000;
						}
						E6D81FFB0(_t91, _t113, 0x6d8f84d8);
						if( *0x6d8f7b94 != 0) {
							E6D840413(_t113);
						}
						_t65 = E6D81EC7F(_t113);
						_t111 = _t91;
					} while (_t91 != _t115);
					goto L14;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) == 7) {
					goto L4;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) != 9) {
					goto L8;
				}
				goto L3;
			}









































                                                                                  0x6d80f51d
                                                                                  0x6d80f51d
                                                                                  0x6d80f525
                                                                                  0x6d80f52f
                                                                                  0x6d80f53b
                                                                                  0x6d80f53d
                                                                                  0x6d80f541
                                                                                  0x6d80f543
                                                                                  0x6d80f547
                                                                                  0x6d80f54c
                                                                                  0x6d80f55a
                                                                                  0x6d80f55a
                                                                                  0x6d80f55e
                                                                                  0x6d80f563
                                                                                  0x6d80f569
                                                                                  0x6d80f718
                                                                                  0x6d80f720
                                                                                  0x6d80f72b
                                                                                  0x6d80f72c
                                                                                  0x6d80f72e
                                                                                  0x6d80f730
                                                                                  0x6d80f730
                                                                                  0x6d80f574
                                                                                  0x6d80f579
                                                                                  0x6d80f57b
                                                                                  0x6d80f57b
                                                                                  0x6d80f581
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d80f61f
                                                                                  0x6d80f61f
                                                                                  0x6d80f622
                                                                                  0x6d80f626
                                                                                  0x6d80f628
                                                                                  0x6d80f62b
                                                                                  0x6d80f62e
                                                                                  0x6d80f633
                                                                                  0x6d80f635
                                                                                  0x6d80f73a
                                                                                  0x6d80f740
                                                                                  0x6d80f740
                                                                                  0x6d80f63d
                                                                                  0x6d80f63f
                                                                                  0x6d80f644
                                                                                  0x6d80f648
                                                                                  0x6d80f64f
                                                                                  0x6d865d11
                                                                                  0x6d865d13
                                                                                  0x6d865d13
                                                                                  0x6d80f64f
                                                                                  0x6d80f655
                                                                                  0x6d80f65c
                                                                                  0x6d865d1d
                                                                                  0x6d865d37
                                                                                  0x6d865d3c
                                                                                  0x6d865d3c
                                                                                  0x6d80f662
                                                                                  0x6d80f664
                                                                                  0x6d80f667
                                                                                  0x6d80f670
                                                                                  0x6d80f670
                                                                                  0x6d80f58c
                                                                                  0x6d80f591
                                                                                  0x6d80f591
                                                                                  0x6d80f591
                                                                                  0x6d80f596
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d80f677
                                                                                  0x6d80f679
                                                                                  0x6d80f67b
                                                                                  0x6d80f706
                                                                                  0x6d80f708
                                                                                  0x6d80f681
                                                                                  0x6d80f681
                                                                                  0x6d80f681
                                                                                  0x6d80f681
                                                                                  0x6d80f681
                                                                                  0x6d80f685
                                                                                  0x6d80f687
                                                                                  0x00000000
                                                                                  0x6d80f68d
                                                                                  0x6d80f692
                                                                                  0x6d80f697
                                                                                  0x6d80f69a
                                                                                  0x6d80f69a
                                                                                  0x6d80f69d
                                                                                  0x6d80f6a0
                                                                                  0x6d80f6a2
                                                                                  0x6d80f6a6
                                                                                  0x6d80f6a8
                                                                                  0x6d80f6f2
                                                                                  0x6d80f6f6
                                                                                  0x6d80f6f6
                                                                                  0x6d80f6f8
                                                                                  0x6d80f6fa
                                                                                  0x6d80f6fc
                                                                                  0x6d80f6fc
                                                                                  0x6d80f700
                                                                                  0x6d80f700
                                                                                  0x6d80f6ac
                                                                                  0x6d80f6ae
                                                                                  0x6d80f6b1
                                                                                  0x6d80f6b9
                                                                                  0x6d80f6bb
                                                                                  0x6d80f6bb
                                                                                  0x6d80f6bd
                                                                                  0x6d80f6bd
                                                                                  0x6d80f6c4
                                                                                  0x6d80f6c6
                                                                                  0x6d80f6c9
                                                                                  0x6d80f6d3
                                                                                  0x6d80f6d8
                                                                                  0x6d80f6dd
                                                                                  0x6d80f711
                                                                                  0x6d80f711
                                                                                  0x6d80f6e8
                                                                                  0x00000000
                                                                                  0x6d80f6e8
                                                                                  0x6d80f687
                                                                                  0x6d80f59c
                                                                                  0x6d80f59e
                                                                                  0x6d80f5a7
                                                                                  0x6d80f60d
                                                                                  0x6d80f611
                                                                                  0x6d80f612
                                                                                  0x6d80f613
                                                                                  0x6d80f61e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d80f5a9
                                                                                  0x6d80f5a9
                                                                                  0x6d80f5a9
                                                                                  0x6d80f5ab
                                                                                  0x6d80f5b3
                                                                                  0x6d80f5b7
                                                                                  0x6d80f5be
                                                                                  0x6d80f5c7
                                                                                  0x6d80f5c9
                                                                                  0x6d80f5d2
                                                                                  0x6d80f5d7
                                                                                  0x6d80f5e0
                                                                                  0x6d80f5e5
                                                                                  0x6d80f5e5
                                                                                  0x6d80f5ee
                                                                                  0x6d80f5fa
                                                                                  0x6d865d46
                                                                                  0x6d865d46
                                                                                  0x6d80f602
                                                                                  0x6d80f607
                                                                                  0x6d80f609
                                                                                  0x00000000
                                                                                  0x6d80f5a9
                                                                                  0x6d80f552
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d80f558
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.BCCB(6D8F52D8), ref: 6D80F574
                                                                                  • RtlLeaveCriticalSection.BCCB(6D8F52D8,?,00000000,6D8F52D8), ref: 6D80F58C
                                                                                  • RtlAcquireSRWLockExclusive.BCCB ref: 6D80F5B7
                                                                                  • RtlRbRemoveNode.BCCB(6D8F85FC,-0000008C), ref: 6D80F5D2
                                                                                  • RtlRbRemoveNode.BCCB(6D8F85F4,-00000098,6D8F85FC,-0000008C), ref: 6D80F5E0
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F84D8), ref: 6D80F5EE
                                                                                  • LdrUnloadAlternateResourceModuleEx.BCCB(?,00000000,6D8F52D8), ref: 6D80F667
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F84D8,6D8F52D8,?,00000000,6D8F52D8), ref: 6D80F692
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F84D8,?,6D8F84D8,6D8F52D8,?,00000000,6D8F52D8), ref: 6D80F6D3
                                                                                  • RtlFreeHeap.BCCB(00000000,-00000054,6D8F84D8,?,6D8F84D8,6D8F52D8), ref: 6D80F6E8
                                                                                  • RtlDebugPrintTimes.BCCB(-00000054,?,6D8F52D8), ref: 6D80F73A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireCriticalNodeReleaseRemoveSection$AlternateDebugEnterFreeHeapLeaveModulePrintResourceTimesUnload
                                                                                  • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                  • API String ID: 2596885168-2283098728
                                                                                  • Opcode ID: 34207e0b76e3b6dc2bbde7511406ae5cef771fc37ceefe2f74903082ad03a34b
                                                                                  • Instruction ID: 4cb264a07ac20bc2cf5ad61d1245a1d46f52fa2a7b97cef7eb2a4456c4f5e09c
                                                                                  • Opcode Fuzzy Hash: 34207e0b76e3b6dc2bbde7511406ae5cef771fc37ceefe2f74903082ad03a34b
                                                                                  • Instruction Fuzzy Hash: F251E27120C7069FC715DF28CC8CB3A77B1BBA9318F118E69F561872A1D730A845CB96
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8052A5, Relevance: 24.2, APIs: 16, Instructions: 161nativememoryfileCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 78%
                                                                                  			E6D8052A5(char __ecx) {
				char _v20;
				void* _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v60;
				void* __ebx;
				void* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				void* _t102;
				void* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					L6D81EEF0(0x6d8f79a0);
					_t104 =  *0x6d8f8210;
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E6D81EB70(_t93, 0x6d8f79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E6D849890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									L6D81EEF0(0x6d8f79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E6D81EB70(0, 0x6d8f79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t93 = _t104 + 0xc;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E6D83F0BF(_t104 + 0xc,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									L6D81EEF0(0x6d8f79a0);
									__eflags =  *0x6d8f8210 - _t104;
									if( *0x6d8f8210 == _t104) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x6d8f8210 = _t102;
										 *_t95 =  *((intOrPtr*)(_t102 + 0xc));
										 *((intOrPtr*)(_t95 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
										 *((intOrPtr*)(_t95 + 8)) =  *((intOrPtr*)(_t102 + 4));
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E6D884888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E6D81EB70(_t95, 0x6d8f79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E6D8495D0();
											RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t104);
											_t102 = _v40;
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E6D8495D0();
											RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t104);
											_t102 = _v40;
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E6D81EB70(_t93, 0x6d8f79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E6D8495D0();
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t104);
										_t102 = _v40;
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t102 + 4)));
										E6D8495D0();
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E6D83F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                                  0x6d8052a5
                                                                                  0x6d8052ad
                                                                                  0x6d8052b0
                                                                                  0x6d8052b3
                                                                                  0x6d8052b7
                                                                                  0x6d8052ba
                                                                                  0x6d8052bf
                                                                                  0x6d8052c4
                                                                                  0x6d8052cc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8052ce
                                                                                  0x6d8052d9
                                                                                  0x6d8052dd
                                                                                  0x6d8052e7
                                                                                  0x6d8052f7
                                                                                  0x6d8052f9
                                                                                  0x6d8052fd
                                                                                  0x6d860dcf
                                                                                  0x6d860dd5
                                                                                  0x6d860dd6
                                                                                  0x6d860dd7
                                                                                  0x6d860dd8
                                                                                  0x6d860dd9
                                                                                  0x6d860dde
                                                                                  0x6d860ddf
                                                                                  0x6d860de0
                                                                                  0x6d860de1
                                                                                  0x6d860de2
                                                                                  0x6d860de5
                                                                                  0x6d860dea
                                                                                  0x6d860dec
                                                                                  0x6d860f60
                                                                                  0x6d860f64
                                                                                  0x6d860f70
                                                                                  0x6d860f76
                                                                                  0x6d860f79
                                                                                  0x6d860f79
                                                                                  0x00000000
                                                                                  0x6d860f64
                                                                                  0x6d860df2
                                                                                  0x6d860df7
                                                                                  0x6d860e04
                                                                                  0x6d860e0d
                                                                                  0x6d860e10
                                                                                  0x6d860e1a
                                                                                  0x6d860e1c
                                                                                  0x6d860e4c
                                                                                  0x6d860e52
                                                                                  0x6d860e61
                                                                                  0x6d860e67
                                                                                  0x6d860e6b
                                                                                  0x6d860e70
                                                                                  0x6d860e76
                                                                                  0x6d860ed7
                                                                                  0x6d860edc
                                                                                  0x6d860ee0
                                                                                  0x6d860eea
                                                                                  0x6d860ef0
                                                                                  0x6d860ef6
                                                                                  0x6d860ef9
                                                                                  0x6d860efe
                                                                                  0x6d860f01
                                                                                  0x6d860f01
                                                                                  0x6d860f0b
                                                                                  0x6d860f12
                                                                                  0x6d860f16
                                                                                  0x6d860f18
                                                                                  0x6d860f1b
                                                                                  0x6d860f2c
                                                                                  0x6d860f31
                                                                                  0x6d860f31
                                                                                  0x6d860f35
                                                                                  0x6d860f39
                                                                                  0x6d860f3a
                                                                                  0x6d860f3c
                                                                                  0x6d860f3f
                                                                                  0x6d860f50
                                                                                  0x6d860f55
                                                                                  0x6d860f55
                                                                                  0x6d860f59
                                                                                  0x6d8052eb
                                                                                  0x6d8052f1
                                                                                  0x6d8052f1
                                                                                  0x6d860e7d
                                                                                  0x6d860e84
                                                                                  0x6d860e88
                                                                                  0x6d860e8a
                                                                                  0x6d860e8d
                                                                                  0x6d860e9e
                                                                                  0x6d860ea3
                                                                                  0x6d860ea3
                                                                                  0x6d860ea7
                                                                                  0x6d860eaf
                                                                                  0x6d860eb3
                                                                                  0x6d860eb9
                                                                                  0x6d860ebc
                                                                                  0x6d860ecd
                                                                                  0x6d860ecd
                                                                                  0x00000000
                                                                                  0x6d860eb3
                                                                                  0x6d860e21
                                                                                  0x6d860e2b
                                                                                  0x6d860e2f
                                                                                  0x6d860e30
                                                                                  0x6d860e3a
                                                                                  0x6d860e3f
                                                                                  0x6d860e41
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d860e47
                                                                                  0x00000000
                                                                                  0x6d860e47
                                                                                  0x6d860df9
                                                                                  0x6d860dfe
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d860dfe
                                                                                  0x6d805303
                                                                                  0x6d805307
                                                                                  0x00000000
                                                                                  0x6d805309
                                                                                  0x00000000
                                                                                  0x6d805309
                                                                                  0x6d805307
                                                                                  0x6d8052e9
                                                                                  0x6d8052e9
                                                                                  0x00000000
                                                                                  0x6d8052e9
                                                                                  0x6d80530e
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.BCCB(6D8F79A0,?,00000000,?), ref: 6D8052BF
                                                                                  • RtlLeaveCriticalSection.BCCB(6D8F79A0,6D8F79A0,?,00000000,?), ref: 6D8052DD
                                                                                  • ZwFsControlFile.BCCB(00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6D8F79A0,6D8F79A0,?,00000000,?), ref: 6D860DE5
                                                                                  • RtlEnterCriticalSection.BCCB(6D8F79A0,6D8F79A0,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6D8F79A0,6D8F79A0,?,00000000), ref: 6D860E6B
                                                                                  • RtlLeaveCriticalSection.BCCB(6D8F79A0,6D8F79A0,6D8F79A0,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6D8F79A0,6D8F79A0,?), ref: 6D860E7D
                                                                                  • ZwClose.BCCB(00000000,6D8F79A0,6D8F79A0,6D8F79A0,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6D8F79A0,6D8F79A0), ref: 6D860E8D
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,00000000,6D8F79A0,6D8F79A0,6D8F79A0,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000), ref: 6D860E9E
                                                                                  • ZwClose.BCCB(?,6D8F79A0,6D8F79A0,6D8F79A0,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6D8F79A0,6D8F79A0), ref: 6D860EBC
                                                                                  • RtlFreeHeap.BCCB(?,00000000,6D8F79A0,?,6D8F79A0,6D8F79A0,6D8F79A0,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000), ref: 6D860ECD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$CloseEnterFreeHeapLeave$ControlFile
                                                                                  • String ID:
                                                                                  • API String ID: 1928194833-0
                                                                                  • Opcode ID: 008f444b749880581aee55ae2f61e6165bb5cf61a317f38743a608474a1f848e
                                                                                  • Instruction ID: 6929fbbfec070b2388bc791c150ac0baa4b59fd2a48898c74a3a00918be4c21b
                                                                                  • Opcode Fuzzy Hash: 008f444b749880581aee55ae2f61e6165bb5cf61a317f38743a608474a1f848e
                                                                                  • Instruction Fuzzy Hash: 5051DC701097829BD321CF69CC48B2BBBA8FF44754F124D1EF59987691E774E844CBA2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8C49A4, Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 114memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwAllocateVirtualMemory.BCCB(000000FF,?,00000000,?,00001000,00000004,00000000,?,00000000,?,?,6D8C44B7,?), ref: 6D8C49DF
                                                                                    • Part of subcall function 6D849660: LdrInitializeThunk.NTDLL(6D8918BF,000000FF,00000000,00000000,0000000C,00001000,00000004,6D8E0810,0000001C,6D891616), ref: 6D84966A
                                                                                  • RtlCompareMemory.BCCB(?,01000000,?,00000000,?,00000000,?,?,6D8C44B7,?), ref: 6D8C49FE
                                                                                  • memcpy.BCCB(01000000,?,?,00000000,?,00000000,?,?,6D8C44B7,?), ref: 6D8C4A0C
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?), ref: 6D8C4A42
                                                                                  • DbgPrint.BCCB(HEAP: ,?), ref: 6D8C4A4F
                                                                                  • DbgPrint.BCCB(Heap %p - headers modified (%p is %lx instead of %lx),?,HEAP: ,HEAP: ,00000000,?), ref: 6D8C4A66
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?), ref: 6D8C4ABC
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?), ref: 6D8C4AC9
                                                                                  • DbgPrint.BCCB( This is located in the %s field of the heap header.,?,?,?,?,?,?), ref: 6D8C4ADB
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$Memory$AllocateCompareInitializeThunkVirtualmemcpy
                                                                                  • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                  • API String ID: 4107597528-336120773
                                                                                  • Opcode ID: 4d88ea684c6dd1f64dcc42e58d6427f5b962a51bd25671d6e529b7935f677ad3
                                                                                  • Instruction ID: 18162ab25a00544ffa33b380aef4e6c201aa250acac344df14cd9beae39d22f2
                                                                                  • Opcode Fuzzy Hash: 4d88ea684c6dd1f64dcc42e58d6427f5b962a51bd25671d6e529b7935f677ad3
                                                                                  • Instruction Fuzzy Hash: 7331E131114118EFD711CB5CC889F6B73A8EF49768F218866F915DB251D731F980CAAB
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D803ACA, Relevance: 21.3, APIs: 14, Instructions: 348COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 69%
                                                                                  			E6D803ACA(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t197;
				intOrPtr _t200;
				intOrPtr _t206;
				intOrPtr _t209;
				intOrPtr _t217;
				signed int _t224;
				signed int _t226;
				signed int _t229;
				signed int _t230;
				signed int _t233;
				intOrPtr _t238;
				signed int _t246;
				signed int _t249;
				char* _t252;
				intOrPtr _t257;
				signed int _t272;
				intOrPtr _t280;
				intOrPtr _t281;
				signed char _t286;
				signed int _t291;
				signed int _t292;
				intOrPtr _t299;
				intOrPtr _t301;
				signed int _t307;
				intOrPtr* _t308;
				signed int _t309;
				intOrPtr _t312;
				signed int* _t313;
				intOrPtr _t315;
				signed int _t316;
				void* _t317;

				_push(0x84);
				_push(0x6d8df4d0);
				E6D85D0E8(__ebx, __edi, __esi);
				_t312 = __edx;
				 *((intOrPtr*)(_t317 - 0x38)) = __edx;
				 *((intOrPtr*)(_t317 - 0x20)) = __ecx;
				_t307 = 0;
				 *(_t317 - 0x74) = 0;
				 *((intOrPtr*)(_t317 - 0x78)) = 0;
				_t272 = 0;
				 *(_t317 - 0x60) = 0;
				 *((intOrPtr*)(_t317 - 0x68)) =  *((intOrPtr*)(__ecx + 0x2c)) + __ecx;
				_t197 = __edx + 0x28;
				 *((intOrPtr*)(_t317 - 0x7c)) = _t197;
				 *((intOrPtr*)(_t317 - 0x88)) = _t197;
				E6D822280(_t197, _t197);
				_t280 =  *((intOrPtr*)(_t312 + 0x2c));
				 *((intOrPtr*)(_t317 - 0x34)) = _t280;
				L1:
				while(1) {
					if(_t280 == _t312 + 0x2c) {
						E6D81FFB0(_t272, _t307,  *((intOrPtr*)(_t317 - 0x7c)));
						asm("sbb ebx, ebx");
						return E6D85D130( ~_t272 & 0xc000022d, _t307, _t312);
					}
					_t15 = _t280 - 4; // -4
					_t200 = _t15;
					 *((intOrPtr*)(_t317 - 0x70)) = _t200;
					 *((intOrPtr*)(_t317 - 0x8c)) = _t200;
					 *((intOrPtr*)(_t317 - 0x6c)) = _t200;
					_t308 = 0x7ffe0010;
					_t313 = 0x7ffe03b0;
					goto L4;
					do {
						do {
							do {
								do {
									L4:
									 *(_t317 - 0x30) =  *0x6d8f8628;
									 *(_t317 - 0x44) =  *0x6d8f862c;
									 *(_t317 - 0x28) =  *_t313;
									 *(_t317 - 0x58) = _t313[1];
									while(1) {
										_t301 =  *0x7ffe000c;
										_t281 =  *0x7ffe0008;
										__eflags = _t301 -  *_t308;
										if(_t301 ==  *_t308) {
											goto L6;
										}
										asm("pause");
									}
									L6:
									_t313 = 0x7ffe03b0;
									_t309 =  *0x7ffe03b0;
									 *(_t317 - 0x40) = _t309;
									_t206 =  *0x7FFE03B4;
									 *((intOrPtr*)(_t317 - 0x3c)) = _t206;
									__eflags =  *(_t317 - 0x28) - _t309;
									_t308 = 0x7ffe0010;
								} while ( *(_t317 - 0x28) != _t309);
								__eflags =  *(_t317 - 0x58) - _t206;
							} while ( *(_t317 - 0x58) != _t206);
							 *(_t317 - 0x28) =  *0x6d8f862c;
							__eflags =  *(_t317 - 0x30) -  *0x6d8f8628;
							_t308 = 0x7ffe0010;
						} while ( *(_t317 - 0x30) !=  *0x6d8f8628);
						__eflags =  *(_t317 - 0x44) -  *(_t317 - 0x28);
					} while ( *(_t317 - 0x44) !=  *(_t317 - 0x28));
					_t315 =  *((intOrPtr*)(_t317 - 0x6c));
					_t307 = 0;
					_t272 =  *(_t317 - 0x60);
					asm("sbb edx, [ebp-0x3c]");
					asm("sbb edx, eax");
					 *(_t317 - 0x28) = _t281 -  *(_t317 - 0x40) -  *(_t317 - 0x30) + 0x7a120;
					asm("adc edx, edi");
					asm("lock inc dword [esi+0x2c]");
					_t209 =  *((intOrPtr*)(_t317 - 0x20));
					_t286 =  *(_t315 + 0x24) &  *(_t209 + 0x18);
					 *(_t317 - 0x40) = _t286;
					__eflags =  *(_t315 + 0x34);
					if( *(_t315 + 0x34) != 0) {
						L37:
						 *((intOrPtr*)(_t317 - 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t317 - 0x34))));
						E6D83DF4C(_t317 - 0x78, _t315, _t317 - 0x74, _t317 - 0x78);
						_t316 =  *(_t317 - 0x74);
						__eflags = _t316;
						_t280 =  *((intOrPtr*)(_t317 - 0x34));
						if(_t316 != 0) {
							 *0x6d8fb1e0( *((intOrPtr*)(_t317 - 0x78)));
							 *_t316();
							_t280 =  *((intOrPtr*)(_t317 - 0x34));
						}
						_t312 =  *((intOrPtr*)(_t317 - 0x38));
						continue;
					}
					__eflags = _t286;
					if(_t286 == 0) {
						goto L37;
					}
					 *(_t317 - 0x5c) = _t286;
					_t45 = _t317 - 0x5c;
					 *_t45 =  *(_t317 - 0x5c) & 0x00000001;
					__eflags =  *_t45;
					if( *_t45 == 0) {
						L40:
						__eflags = _t286 & 0xfffffffe;
						if((_t286 & 0xfffffffe) != 0) {
							__eflags =  *((intOrPtr*)(_t315 + 0x64)) - _t307;
							if( *((intOrPtr*)(_t315 + 0x64)) == _t307) {
								L14:
								__eflags =  *(_t315 + 0x40) - _t307;
								if( *(_t315 + 0x40) != _t307) {
									__eflags = _t301 -  *(_t315 + 0x4c);
									if(__eflags > 0) {
										goto L15;
									}
									if(__eflags < 0) {
										L59:
										_t299 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *(_t315 + 0x5c) -  *((intOrPtr*)(_t299 + 0x10));
										if( *(_t315 + 0x5c) >=  *((intOrPtr*)(_t299 + 0x10))) {
											goto L37;
										}
										goto L15;
									}
									__eflags =  *(_t317 - 0x28) -  *(_t315 + 0x48);
									if( *(_t317 - 0x28) >=  *(_t315 + 0x48)) {
										goto L15;
									}
									goto L59;
								}
								L15:
								__eflags =  *((intOrPtr*)(_t317 + 8)) - _t307;
								if( *((intOrPtr*)(_t317 + 8)) != _t307) {
									__eflags =  *((intOrPtr*)(_t315 + 0x58)) - _t307;
									if( *((intOrPtr*)(_t315 + 0x58)) != _t307) {
										goto L16;
									}
									goto L37;
								}
								L16:
								 *(_t317 - 0x24) = _t307;
								 *(_t317 - 0x30) = _t307;
								 *((intOrPtr*)(_t317 - 0x2c)) =  *((intOrPtr*)(_t315 + 0x10));
								_t217 =  *((intOrPtr*)(_t315 + 0xc));
								 *((intOrPtr*)(_t317 - 0x4c)) =  *((intOrPtr*)(_t217 + 0x10));
								 *((intOrPtr*)(_t317 - 0x48)) =  *((intOrPtr*)(_t217 + 0x14));
								 *(_t317 - 0x58) =  *(_t217 + 0x24);
								 *((intOrPtr*)(_t317 - 0x3c)) =  *((intOrPtr*)(_t315 + 0x14));
								 *((intOrPtr*)(_t317 - 0x64)) =  *((intOrPtr*)(_t315 + 0x18));
								 *(_t315 + 0x60) =  *( *[fs:0x18] + 0x24);
								_t224 =  *((intOrPtr*)(_t317 - 0x38)) + 0x28;
								 *(_t317 - 0x94) = _t224;
								_t291 = _t224;
								 *(_t317 - 0x28) = _t291;
								 *(_t317 - 0x90) = _t291;
								E6D81FFB0(_t272, _t307, _t224);
								_t292 = _t307;
								 *(_t317 - 0x54) = _t292;
								_t226 = _t307;
								 *(_t317 - 0x50) = _t226;
								 *(_t317 - 0x44) = _t226;
								__eflags =  *(_t315 + 0x28);
								if(__eflags != 0) {
									asm("lock bts dword [eax], 0x0");
									_t229 = 0;
									_t230 = _t229 & 0xffffff00 | __eflags >= 0x00000000;
									 *(_t317 - 0x50) = _t230;
									 *(_t317 - 0x44) = _t230;
									__eflags = _t230;
									if(_t230 != 0) {
										goto L17;
									}
									__eflags =  *((intOrPtr*)(_t317 + 8)) - 1;
									if( *((intOrPtr*)(_t317 + 8)) == 1) {
										E6D822280( *(_t315 + 0x28) + 0x10,  *(_t315 + 0x28) + 0x10);
										_t230 = 1;
										 *(_t317 - 0x50) = 1;
										 *(_t317 - 0x44) = 1;
										goto L17;
									}
									_t233 = _t230 + 1;
									L35:
									 *( *((intOrPtr*)(_t317 - 0x70)) + 0x58) = _t233;
									__eflags = _t292;
									if(_t292 == 0) {
										E6D822280(_t233,  *(_t317 - 0x28));
									}
									 *(_t315 + 0x60) = _t307;
									goto L37;
								}
								L17:
								__eflags =  *(_t315 + 0x34) - _t307;
								if( *(_t315 + 0x34) != _t307) {
									L26:
									__eflags =  *(_t317 - 0x50);
									if( *(_t317 - 0x50) != 0) {
										_t230 = E6D81FFB0(_t272, _t307,  *(_t315 + 0x28) + 0x10);
									}
									__eflags =  *(_t317 - 0x30);
									if( *(_t317 - 0x30) == 0) {
										L71:
										_t292 =  *(_t317 - 0x54);
										L34:
										_t233 = _t307;
										goto L35;
									}
									E6D822280(_t230,  *(_t317 - 0x94));
									_t292 = 1;
									 *(_t317 - 0x54) = 1;
									__eflags =  *(_t317 - 0x24) - 0xc000022d;
									if( *(_t317 - 0x24) == 0xc000022d) {
										L69:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) == 0) {
											goto L34;
										}
										_t272 = 1;
										__eflags = 1;
										 *(_t317 - 0x60) = 1;
										E6D8930AE(_t315,  *(_t317 - 0x24),  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10));
										goto L71;
									}
									__eflags =  *(_t317 - 0x24) - 0xc0000017;
									if( *(_t317 - 0x24) == 0xc0000017) {
										goto L69;
									}
									__eflags =  *(_t315 + 0x1c);
									if( *(_t315 + 0x1c) != 0) {
										_t238 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c);
										if( *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c) > 0) {
											goto L31;
										}
										L32:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) != 0) {
											__eflags =  *(_t315 + 0x50) - _t307;
											if( *(_t315 + 0x50) > _t307) {
												 *(_t315 + 0x40) = _t307;
												 *(_t315 + 0x54) = _t307;
												 *(_t315 + 0x48) = _t307;
												 *(_t315 + 0x4c) = _t307;
												 *(_t315 + 0x50) = _t307;
												 *(_t315 + 0x5c) = _t307;
											}
										}
										goto L34;
									}
									L31:
									 *(_t315 + 0x1c) =  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10);
									goto L32;
								}
								 *(_t317 - 0x30) = 1;
								 *((intOrPtr*)(_t317 - 0x80)) = 1;
								 *((intOrPtr*)(_t317 - 0x64)) = E6D803E80( *((intOrPtr*)(_t317 - 0x64)));
								 *(_t317 - 4) = _t307;
								__eflags =  *(_t317 - 0x5c);
								if( *(_t317 - 0x5c) != 0) {
									_t257 =  *((intOrPtr*)(_t317 - 0x20));
									 *0x6d8fb1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t257 + 0x10)),  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)),  *((intOrPtr*)(_t317 - 0x68)),  *((intOrPtr*)(_t257 + 0x14)));
									 *(_t317 - 0x24) =  *((intOrPtr*)(_t317 - 0x2c))();
								}
								_t246 =  *(_t317 - 0x40);
								__eflags = _t246 & 0x00000010;
								if((_t246 & 0x00000010) != 0) {
									__eflags =  *(_t315 + 0x34) - _t307;
									if( *(_t315 + 0x34) != _t307) {
										goto L21;
									}
									__eflags =  *(_t317 - 0x24);
									if( *(_t317 - 0x24) >= 0) {
										L64:
										 *0x6d8fb1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)), _t307,  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)), _t307, _t307);
										 *((intOrPtr*)(_t317 - 0x2c))();
										 *(_t317 - 0x24) = _t307;
										_t246 =  *(_t317 - 0x40);
										goto L21;
									}
									__eflags =  *(_t315 + 0x20) & 0x00000004;
									if(( *(_t315 + 0x20) & 0x00000004) != 0) {
										goto L21;
									}
									goto L64;
								} else {
									L21:
									__eflags = _t246 & 0xffffffee;
									if((_t246 & 0xffffffee) != 0) {
										 *(_t317 - 0x24) = _t307;
										 *0x6d8fb1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t317 - 0x3c)), _t246);
										 *((intOrPtr*)(_t317 - 0x2c))();
									}
									_t249 = E6D827D50();
									__eflags = _t249;
									if(_t249 != 0) {
										_t252 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
									} else {
										_t252 = 0x7ffe038e;
									}
									__eflags =  *_t252;
									if( *_t252 != 0) {
										_t252 = E6D892E14( *( *((intOrPtr*)(_t317 - 0x20)) + 0x10), _t315,  *((intOrPtr*)(_t317 - 0x38)),  *((intOrPtr*)(_t317 - 0x2c)),  *(_t317 - 0x40),  *(_t317 - 0x24),  *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)));
									}
									 *(_t317 - 4) = 0xfffffffe;
									E6D803E6B(_t252);
									_t230 = E6D803E80( *((intOrPtr*)(_t317 - 0x64)));
									goto L26;
								}
							}
						}
						__eflags = _t286 & 0x00000010;
						if((_t286 & 0x00000010) == 0) {
							goto L37;
						}
						goto L14;
					}
					__eflags =  *(_t315 + 0x1c);
					if( *(_t315 + 0x1c) != 0) {
						__eflags =  *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c);
						if( *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c) > 0) {
							goto L14;
						}
						goto L40;
					}
					goto L14;
				}
			}


































                                                                                  0x6d803aca
                                                                                  0x6d803acf
                                                                                  0x6d803ad4
                                                                                  0x6d803ad9
                                                                                  0x6d803adb
                                                                                  0x6d803ae0
                                                                                  0x6d803ae3
                                                                                  0x6d803ae5
                                                                                  0x6d803ae8
                                                                                  0x6d803aeb
                                                                                  0x6d803aed
                                                                                  0x6d803af5
                                                                                  0x6d803af8
                                                                                  0x6d803afb
                                                                                  0x6d803afe
                                                                                  0x6d803b05
                                                                                  0x6d803b0a
                                                                                  0x6d803b0d
                                                                                  0x00000000
                                                                                  0x6d803b10
                                                                                  0x6d803b15
                                                                                  0x6d803b1a
                                                                                  0x6d803b21
                                                                                  0x6d803b30
                                                                                  0x6d803b30
                                                                                  0x6d803b33
                                                                                  0x6d803b33
                                                                                  0x6d803b36
                                                                                  0x6d803b39
                                                                                  0x6d803b3f
                                                                                  0x6d803b47
                                                                                  0x6d803b4a
                                                                                  0x6d803b4a
                                                                                  0x6d803b4f
                                                                                  0x6d803b4f
                                                                                  0x6d803b4f
                                                                                  0x6d803b4f
                                                                                  0x6d803b4f
                                                                                  0x6d803b54
                                                                                  0x6d803b5c
                                                                                  0x6d803b61
                                                                                  0x6d803b67
                                                                                  0x6d803b6f
                                                                                  0x6d803b6f
                                                                                  0x6d803b71
                                                                                  0x6d803b75
                                                                                  0x6d803b77
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d803e6c
                                                                                  0x6d803e6c
                                                                                  0x6d803b7d
                                                                                  0x6d803b7d
                                                                                  0x6d803b82
                                                                                  0x6d803b84
                                                                                  0x6d803b87
                                                                                  0x6d803b8a
                                                                                  0x6d803b8d
                                                                                  0x6d803b90
                                                                                  0x6d803b90
                                                                                  0x6d803b97
                                                                                  0x6d803b97
                                                                                  0x6d803ba7
                                                                                  0x6d803baa
                                                                                  0x6d803bad
                                                                                  0x6d803bad
                                                                                  0x6d803bb7
                                                                                  0x6d803bb7
                                                                                  0x6d803bbc
                                                                                  0x6d803bbf
                                                                                  0x6d803bc1
                                                                                  0x6d803bc7
                                                                                  0x6d803bcd
                                                                                  0x6d803bd5
                                                                                  0x6d803bd8
                                                                                  0x6d803bda
                                                                                  0x6d803be1
                                                                                  0x6d803be4
                                                                                  0x6d803be7
                                                                                  0x6d803bea
                                                                                  0x6d803bed
                                                                                  0x6d803d97
                                                                                  0x6d803d9c
                                                                                  0x6d803da8
                                                                                  0x6d803dad
                                                                                  0x6d803db0
                                                                                  0x6d803db2
                                                                                  0x6d803db5
                                                                                  0x6d86020b
                                                                                  0x6d860211
                                                                                  0x6d860213
                                                                                  0x6d860213
                                                                                  0x6d803dbb
                                                                                  0x00000000
                                                                                  0x6d803dbb
                                                                                  0x6d803bf3
                                                                                  0x6d803bf5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d803bfb
                                                                                  0x6d803bfe
                                                                                  0x6d803bfe
                                                                                  0x6d803bfe
                                                                                  0x6d803c02
                                                                                  0x6d803dd1
                                                                                  0x6d803dd1
                                                                                  0x6d803dd7
                                                                                  0x6d8600c1
                                                                                  0x6d8600c4
                                                                                  0x6d803c11
                                                                                  0x6d803c11
                                                                                  0x6d803c14
                                                                                  0x6d8600cf
                                                                                  0x6d8600d2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8600d8
                                                                                  0x6d8600e6
                                                                                  0x6d8600e9
                                                                                  0x6d8600ec
                                                                                  0x6d8600ef
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8600f5
                                                                                  0x6d8600dd
                                                                                  0x6d8600e0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8600e0
                                                                                  0x6d803c1a
                                                                                  0x6d803c1a
                                                                                  0x6d803c1d
                                                                                  0x6d803e20
                                                                                  0x6d803e23
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d803e29
                                                                                  0x6d803c23
                                                                                  0x6d803c23
                                                                                  0x6d803c26
                                                                                  0x6d803c2c
                                                                                  0x6d803c2f
                                                                                  0x6d803c35
                                                                                  0x6d803c3b
                                                                                  0x6d803c41
                                                                                  0x6d803c47
                                                                                  0x6d803c4d
                                                                                  0x6d803c59
                                                                                  0x6d803c5f
                                                                                  0x6d803c62
                                                                                  0x6d803c68
                                                                                  0x6d803c6a
                                                                                  0x6d803c6d
                                                                                  0x6d803c74
                                                                                  0x6d803c79
                                                                                  0x6d803c7b
                                                                                  0x6d803c7e
                                                                                  0x6d803c80
                                                                                  0x6d803c83
                                                                                  0x6d803c89
                                                                                  0x6d803c8b
                                                                                  0x6d803dea
                                                                                  0x6d803df1
                                                                                  0x6d803df2
                                                                                  0x6d803df5
                                                                                  0x6d803df8
                                                                                  0x6d803dfb
                                                                                  0x6d803dfd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d803e03
                                                                                  0x6d803e07
                                                                                  0x6d803e42
                                                                                  0x6d803e49
                                                                                  0x6d803e4a
                                                                                  0x6d803e4d
                                                                                  0x00000000
                                                                                  0x6d803e4d
                                                                                  0x6d803e09
                                                                                  0x6d803d86
                                                                                  0x6d803d89
                                                                                  0x6d803d8c
                                                                                  0x6d803d8e
                                                                                  0x6d803e31
                                                                                  0x6d803e31
                                                                                  0x6d803d94
                                                                                  0x00000000
                                                                                  0x6d803d94
                                                                                  0x6d803c91
                                                                                  0x6d803c91
                                                                                  0x6d803c94
                                                                                  0x6d803d23
                                                                                  0x6d803d23
                                                                                  0x6d803d27
                                                                                  0x6d803e16
                                                                                  0x6d803e16
                                                                                  0x6d803d2d
                                                                                  0x6d803d31
                                                                                  0x6d8601fe
                                                                                  0x6d8601fe
                                                                                  0x6d803d84
                                                                                  0x6d803d84
                                                                                  0x00000000
                                                                                  0x6d803d84
                                                                                  0x6d803d3d
                                                                                  0x6d803d44
                                                                                  0x6d803d45
                                                                                  0x6d803d48
                                                                                  0x6d803d4f
                                                                                  0x6d8601de
                                                                                  0x6d8601de
                                                                                  0x6d8601e2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8601ea
                                                                                  0x6d8601ea
                                                                                  0x6d8601eb
                                                                                  0x6d8601f9
                                                                                  0x00000000
                                                                                  0x6d8601f9
                                                                                  0x6d803d55
                                                                                  0x6d803d5c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d803d62
                                                                                  0x6d803d66
                                                                                  0x6d803e55
                                                                                  0x6d803e5e
                                                                                  0x6d803e60
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d803d75
                                                                                  0x6d803d75
                                                                                  0x6d803d79
                                                                                  0x6d803d7b
                                                                                  0x6d803d7e
                                                                                  0x6d8601c7
                                                                                  0x6d8601ca
                                                                                  0x6d8601cd
                                                                                  0x6d8601d0
                                                                                  0x6d8601d3
                                                                                  0x6d8601d6
                                                                                  0x6d8601d6
                                                                                  0x6d803d7e
                                                                                  0x00000000
                                                                                  0x6d803d79
                                                                                  0x6d803d6c
                                                                                  0x6d803d72
                                                                                  0x00000000
                                                                                  0x6d803d72
                                                                                  0x6d803c9d
                                                                                  0x6d803ca0
                                                                                  0x6d803cab
                                                                                  0x6d803cae
                                                                                  0x6d803cb1
                                                                                  0x6d803cb5
                                                                                  0x6d803cb7
                                                                                  0x6d803cd2
                                                                                  0x6d803cdb
                                                                                  0x6d803cdb
                                                                                  0x6d803cde
                                                                                  0x6d803ce1
                                                                                  0x6d803ce3
                                                                                  0x6d8600fa
                                                                                  0x6d8600fd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d860103
                                                                                  0x6d860107
                                                                                  0x6d860113
                                                                                  0x6d860125
                                                                                  0x6d86012b
                                                                                  0x6d86012e
                                                                                  0x6d860131
                                                                                  0x00000000
                                                                                  0x6d860131
                                                                                  0x6d860109
                                                                                  0x6d86010d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d803ce9
                                                                                  0x6d803ce9
                                                                                  0x6d803ce9
                                                                                  0x6d803cee
                                                                                  0x6d860139
                                                                                  0x6d860149
                                                                                  0x6d86014f
                                                                                  0x6d86014f
                                                                                  0x6d803cf4
                                                                                  0x6d803cf9
                                                                                  0x6d803cfb
                                                                                  0x6d860160
                                                                                  0x6d803d01
                                                                                  0x6d803d01
                                                                                  0x6d803d01
                                                                                  0x6d803d06
                                                                                  0x6d803d09
                                                                                  0x6d860184
                                                                                  0x6d860184
                                                                                  0x6d803d0f
                                                                                  0x6d803d16
                                                                                  0x6d803d1e
                                                                                  0x00000000
                                                                                  0x6d803d1e
                                                                                  0x6d803ce3
                                                                                  0x6d8600ca
                                                                                  0x6d803ddd
                                                                                  0x6d803de0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d803de2
                                                                                  0x6d803c08
                                                                                  0x6d803c0b
                                                                                  0x6d803dc9
                                                                                  0x6d803dcb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d803dcb
                                                                                  0x00000000
                                                                                  0x6d803c0b

                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(00000000,6D8DF4D0,00000084,6D803A18,00000000,?,?), ref: 6D803B05
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,00000000,6D8DF4D0,00000084,6D803A18,00000000,?,?), ref: 6D803B1A
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,?,?,00000000,6D8DF4D0,00000084,6D803A18,00000000,?,?), ref: 6D803C74
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$Acquire
                                                                                  • String ID:
                                                                                  • API String ID: 1021914862-0
                                                                                  • Opcode ID: 6e83d1848feb35e88898c1ad4b80cc00b6fee6698c9e9bf3e542110b91b72695
                                                                                  • Instruction ID: 841031edf8abcf818ae0d43d10f99d76776405fef6316f3c1c2814769b115819
                                                                                  • Opcode Fuzzy Hash: 6e83d1848feb35e88898c1ad4b80cc00b6fee6698c9e9bf3e542110b91b72695
                                                                                  • Instruction Fuzzy Hash: 11E10070E04609DFCB25CFA9C988A9DFBF1FF48314F10892AE946A7660D735A881CF50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D83AC7B, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 205nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 80%
                                                                                  			E6D83AC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x9
					E6D85D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x6d8f8a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1018
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x21
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E6D8496E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E6D8B3C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E6D8496E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E6D80B150();
							} else {
								E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E6D80B150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E6D8C14FB(_t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E6D827D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E6D8C1411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E6D827D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E6D8C1411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                                                                  0x6d83ac85
                                                                                  0x6d83ac88
                                                                                  0x6d83ac8a
                                                                                  0x6d83ac8d
                                                                                  0x6d83ac91
                                                                                  0x6d83ac99
                                                                                  0x6d83ac9c
                                                                                  0x6d879f57
                                                                                  0x6d879f5b
                                                                                  0x6d879f60
                                                                                  0x6d879f60
                                                                                  0x6d83aca8
                                                                                  0x6d83acae
                                                                                  0x6d83acda
                                                                                  0x6d83acde
                                                                                  0x6d83ace8
                                                                                  0x6d83aceb
                                                                                  0x6d83acee
                                                                                  0x00000000
                                                                                  0x6d83acee
                                                                                  0x6d83acf6
                                                                                  0x6d83acb0
                                                                                  0x6d83acb0
                                                                                  0x6d83acbb
                                                                                  0x6d83acbd
                                                                                  0x6d83acc0
                                                                                  0x6d83acc5
                                                                                  0x6d83adae
                                                                                  0x6d83adb4
                                                                                  0x6d83adb4
                                                                                  0x6d83acd4
                                                                                  0x6d83acd8
                                                                                  0x6d83acf9
                                                                                  0x6d83acff
                                                                                  0x6d83ad04
                                                                                  0x6d83ad08
                                                                                  0x6d83ad09
                                                                                  0x6d83ad10
                                                                                  0x6d83ad12
                                                                                  0x6d83ad18
                                                                                  0x6d879f6f
                                                                                  0x6d879f74
                                                                                  0x6d879f76
                                                                                  0x6d879f7c
                                                                                  0x6d879f84
                                                                                  0x6d879f88
                                                                                  0x6d879f89
                                                                                  0x6d879f90
                                                                                  0x6d879f90
                                                                                  0x6d879f76
                                                                                  0x6d83ad1e
                                                                                  0x6d83ad24
                                                                                  0x6d83ad26
                                                                                  0x6d87a097
                                                                                  0x6d87a09b
                                                                                  0x6d87a0ba
                                                                                  0x6d87a0bf
                                                                                  0x6d87a09d
                                                                                  0x6d87a0b2
                                                                                  0x6d87a0b7
                                                                                  0x6d87a0c5
                                                                                  0x6d87a0c8
                                                                                  0x6d87a0cb
                                                                                  0x6d87a0d2
                                                                                  0x00000000
                                                                                  0x6d83ad2c
                                                                                  0x6d83ad2c
                                                                                  0x6d83ad2f
                                                                                  0x6d83ad34
                                                                                  0x6d83ad36
                                                                                  0x6d879f97
                                                                                  0x6d879f9a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d879fa9
                                                                                  0x6d83ad3e
                                                                                  0x6d83ad3e
                                                                                  0x6d83ad41
                                                                                  0x6d879fb3
                                                                                  0x6d879fb9
                                                                                  0x6d879fc0
                                                                                  0x6d879fd0
                                                                                  0x6d879fd0
                                                                                  0x6d879fc0
                                                                                  0x6d83ad4a
                                                                                  0x6d83ad50
                                                                                  0x6d83ad5c
                                                                                  0x6d83ad62
                                                                                  0x6d83ad68
                                                                                  0x6d83ad6b
                                                                                  0x6d83ad6d
                                                                                  0x6d879fda
                                                                                  0x6d879fdd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d879fec
                                                                                  0x00000000
                                                                                  0x6d83ad73
                                                                                  0x6d83ad73
                                                                                  0x6d83ad73
                                                                                  0x6d83ad75
                                                                                  0x6d83ad75
                                                                                  0x6d83ad78
                                                                                  0x6d879ff6
                                                                                  0x6d879ffc
                                                                                  0x6d87a003
                                                                                  0x6d87a00e
                                                                                  0x6d87a010
                                                                                  0x6d87a01b
                                                                                  0x6d87a01b
                                                                                  0x6d87a01b
                                                                                  0x6d87a038
                                                                                  0x6d87a038
                                                                                  0x6d87a003
                                                                                  0x6d83ad84
                                                                                  0x6d83ad89
                                                                                  0x6d83ad8c
                                                                                  0x6d83ad8e
                                                                                  0x6d87a042
                                                                                  0x6d87a045
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d87a054
                                                                                  0x00000000
                                                                                  0x6d83ad94
                                                                                  0x6d83ad94
                                                                                  0x6d83ad94
                                                                                  0x6d83ad96
                                                                                  0x6d83ad96
                                                                                  0x6d83ad99
                                                                                  0x6d87a063
                                                                                  0x6d87a065
                                                                                  0x6d87a070
                                                                                  0x6d87a070
                                                                                  0x6d87a070
                                                                                  0x6d87a08d
                                                                                  0x6d87a08d
                                                                                  0x6d83ada4
                                                                                  0x6d83ada6
                                                                                  0x00000000
                                                                                  0x6d83ada6
                                                                                  0x6d83ad8e
                                                                                  0x6d83ad6d
                                                                                  0x6d83ad3c
                                                                                  0x6d83ad3c
                                                                                  0x00000000
                                                                                  0x6d83ad3c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d83acd8

                                                                                  APIs
                                                                                  • ZwFreeVirtualMemory.BCCB(000000FF,-00000018,?,00004000,?,-00000007,00000001,?,-00000018,?), ref: 6D83AD0B
                                                                                  • RtlFillMemoryUlong.BCCB(00000009,?,FEEEFEEE,?,-00000007,00000001,?,-00000018,?), ref: 6D879F5B
                                                                                  Strings
                                                                                  • HEAP[%wZ]: , xrefs: 6D87A0AD
                                                                                  • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 6D87A0CD
                                                                                  • HEAP: , xrefs: 6D87A0BA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Memory$FillFreeUlongVirtual
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                  • API String ID: 3117835691-1340214556
                                                                                  • Opcode ID: 7f664595e37e46dd5a2602c4462399c94837431572ee5613562d6ed9099f0e5b
                                                                                  • Instruction ID: 9ecb5b7b7cb083b684b0a6ee16b1038b8bdcbd0a62c950a1a431c8300ee850af
                                                                                  • Opcode Fuzzy Hash: 7f664595e37e46dd5a2602c4462399c94837431572ee5613562d6ed9099f0e5b
                                                                                  • Instruction Fuzzy Hash: C381F331244695EFDB22CBACC988FA9BBF8FF05314F0149A5F5548B691D774EA40CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D89B8D0, Relevance: 19.7, APIs: 13, Instructions: 199memorynativethreadCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 35%
                                                                                  			E6D89B8D0(intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				long _v8;
				signed int _v12;
				signed int _t80;
				void* _t83;
				void* _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				signed int _t115;
				void* _t116;
				void* _t118;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t124 = RtlAllocateHeap( *( *[fs:0x30] + 0x18),  *0x6d8f7b9c + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E6D849800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E6D8495B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E6D8495D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *( *[fs:0x30] + 0x18));
								L37:
								RtlFreeHeap();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E6D849910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t83);
												}
											}
											_push( *_t124);
											E6D8495D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t92 = RtlAllocateHeap( *( *[fs:0x30] + 0x18),  *0x6d8f7b9c + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E6D849910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t115 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t115 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t115 + _t119 - 4) =  *(_t115 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E6D80A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t116 = 0x28;
						_t122 = E6D89E7D3(_t116, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *( *[fs:0x30] + 0x18));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t118 = 4;
					_t122 = E6D89E7D3(_t118, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E6D8495B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}


















                                                                                  0x6d89b8d9
                                                                                  0x6d89b8e4
                                                                                  0x00000000
                                                                                  0x6d89b8e6
                                                                                  0x6d89b8f3
                                                                                  0x6d89b8f5
                                                                                  0x6d89b8f5
                                                                                  0x6d89b920
                                                                                  0x6d89b924
                                                                                  0x6d89b936
                                                                                  0x6d89b939
                                                                                  0x6d89b93d
                                                                                  0x6d89b948
                                                                                  0x6d89b9a0
                                                                                  0x6d89b9a0
                                                                                  0x6d89b9a4
                                                                                  0x6d89b9bf
                                                                                  0x6d89b9c4
                                                                                  0x6d89b9c6
                                                                                  0x6d89b9cd
                                                                                  0x6d89b9d1
                                                                                  0x6d89bad4
                                                                                  0x6d89bad8
                                                                                  0x6d89bada
                                                                                  0x6d89badc
                                                                                  0x6d89badc
                                                                                  0x6d89badf
                                                                                  0x6d89bae0
                                                                                  0x6d89bae2
                                                                                  0x6d89bae4
                                                                                  0x6d89baec
                                                                                  0x6d89baee
                                                                                  0x6d89baf0
                                                                                  0x6d89baf0
                                                                                  0x6d89baec
                                                                                  0x6d89bafb
                                                                                  0x6d89bafc
                                                                                  0x6d89bafe
                                                                                  0x6d89bb01
                                                                                  0x6d89bb01
                                                                                  0x00000000
                                                                                  0x6d89bb06
                                                                                  0x6d89b9d7
                                                                                  0x6d89b9db
                                                                                  0x6d89b9db
                                                                                  0x6d89b9de
                                                                                  0x6d89b9de
                                                                                  0x6d89b9e4
                                                                                  0x6d89b9e7
                                                                                  0x6d89b9ea
                                                                                  0x6d89b9ec
                                                                                  0x6d89b9ef
                                                                                  0x6d89b9f3
                                                                                  0x6d89ba1b
                                                                                  0x6d89ba23
                                                                                  0x6d89ba24
                                                                                  0x6d89ba27
                                                                                  0x6d89ba2a
                                                                                  0x6d89ba2b
                                                                                  0x6d89ba2e
                                                                                  0x6d89ba30
                                                                                  0x6d89ba37
                                                                                  0x6d89ba3f
                                                                                  0x6d89ba9c
                                                                                  0x6d89baa2
                                                                                  0x6d89bb13
                                                                                  0x6d89bb15
                                                                                  0x6d89baae
                                                                                  0x6d89baae
                                                                                  0x6d89bab3
                                                                                  0x6d89bab5
                                                                                  0x6d89baba
                                                                                  0x6d89bac8
                                                                                  0x6d89bac8
                                                                                  0x6d89baba
                                                                                  0x6d89bacd
                                                                                  0x6d89bacf
                                                                                  0x00000000
                                                                                  0x6d89bacf
                                                                                  0x6d89bb1a
                                                                                  0x00000000
                                                                                  0x6d89bb1c
                                                                                  0x6d89baa7
                                                                                  0x6d89bb11
                                                                                  0x00000000
                                                                                  0x6d89bb11
                                                                                  0x6d89baa9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d89ba41
                                                                                  0x6d89ba41
                                                                                  0x6d89ba58
                                                                                  0x6d89ba5d
                                                                                  0x6d89ba62
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d89ba67
                                                                                  0x6d89ba68
                                                                                  0x6d89ba69
                                                                                  0x6d89ba6c
                                                                                  0x6d89ba6f
                                                                                  0x6d89ba71
                                                                                  0x6d89ba78
                                                                                  0x6d89ba80
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d89ba90
                                                                                  0x6d89ba90
                                                                                  0x6d89ba97
                                                                                  0x00000000
                                                                                  0x6d89ba97
                                                                                  0x6d89b9f5
                                                                                  0x6d89b9f7
                                                                                  0x6d89b9f7
                                                                                  0x6d89b9fa
                                                                                  0x6d89ba03
                                                                                  0x6d89ba07
                                                                                  0x6d89ba0c
                                                                                  0x6d89ba10
                                                                                  0x6d89ba17
                                                                                  0x00000000
                                                                                  0x6d89b9f7
                                                                                  0x6d89b9a6
                                                                                  0x6d89b9a8
                                                                                  0x6d89b9af
                                                                                  0x6d89b9b3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d89b9b9
                                                                                  0x00000000
                                                                                  0x6d89b9b9
                                                                                  0x6d89b94d
                                                                                  0x6d89b98f
                                                                                  0x6d89b995
                                                                                  0x6d89b999
                                                                                  0x6d89b960
                                                                                  0x6d89b967
                                                                                  0x6d89b968
                                                                                  0x6d89b96a
                                                                                  0x00000000
                                                                                  0x6d89b96a
                                                                                  0x6d89b99b
                                                                                  0x6d89b99e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d89b99e
                                                                                  0x6d89b951
                                                                                  0x6d89b954
                                                                                  0x6d89b95a
                                                                                  0x6d89b95e
                                                                                  0x6d89b972
                                                                                  0x6d89b979
                                                                                  0x6d89b97d
                                                                                  0x6d89b97f
                                                                                  0x6d89b980
                                                                                  0x6d89b982
                                                                                  0x6d89b984
                                                                                  0x00000000
                                                                                  0x6d89b984
                                                                                  0x00000000
                                                                                  0x6d89b926
                                                                                  0x00000000
                                                                                  0x6d89b926

                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,?,?,?,00000000,00800000,?,00000000,?,?,6D817F7A), ref: 6D89B91B
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,00000000,00000000,?,00000400,?,?,000000FF,00000028,00000200,00000000), ref: 6D89BAC8
                                                                                  • ZwClose.BCCB(00000000,00000000,00000000,?,00000400,?,?,000000FF,00000028,00000200,00000000), ref: 6D89BACF
                                                                                  • ZwSetInformationThread.BCCB(000000FE,00000005,00000004,00000004,000000FF,00000028,00000200,00000000), ref: 6D89BAE4
                                                                                  • ZwClose.BCCB(00000004,000000FE,00000005,00000004,00000004,000000FF,00000028,00000200,00000000), ref: 6D89BAF0
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,000000FF,00000028,00000200,00000000), ref: 6D89BB01
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$CloseFree$AllocateInformationThread
                                                                                  • String ID:
                                                                                  • API String ID: 194745801-0
                                                                                  • Opcode ID: 64a09beb12d53418519c81cfbf5560598ee3ab0e2c422ef97ccb6c6b4b16f885
                                                                                  • Instruction ID: 6105b2d64cfdd50441c5fa414bcc23c440fe56b161e34c6fa59af5390c6b3ab8
                                                                                  • Opcode Fuzzy Hash: 64a09beb12d53418519c81cfbf5560598ee3ab0e2c422ef97ccb6c6b4b16f885
                                                                                  • Instruction Fuzzy Hash: C171F072240706AFE7218F2DC888F6677F5EB44724F128D28E6959B6A0EB70E940CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D80395E, Relevance: 19.7, APIs: 13, Instructions: 172COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 83%
                                                                                  			E6D80395E(void* __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t67;
				void* _t77;
				intOrPtr* _t81;
				signed int _t93;
				void* _t94;
				intOrPtr* _t97;
				intOrPtr* _t104;
				void* _t112;
				long _t113;
				signed int _t114;
				void* _t123;

				_v8 =  *0x6d8fd360 ^ _t114;
				_v16 = __edx;
				_t93 = 0;
				_t112 = __ecx;
				_v12 = _v12 & 0;
				E6D82FAD0( *0x6d8f84cc + 4);
				_t110 =  *0x6d8f84cc + 8;
				_t97 =  *_t110;
				while(_t97 != _t110) {
					_t113 = _t97 - 0x1c;
					_t67 =  *((intOrPtr*)(_t112 + 0xc));
					if( *((intOrPtr*)(_t113 + 0x10)) !=  *((intOrPtr*)(_t112 + 8)) ||  *((intOrPtr*)(_t113 + 0x14)) != _t67 ||  *((intOrPtr*)(_t113 + 8)) !=  *_t112) {
						L21:
						_t97 =  *_t97;
						continue;
					} else {
						_t69 =  *((intOrPtr*)(_t113 + 0xc));
						if( *((intOrPtr*)(_t113 + 0xc)) !=  *((intOrPtr*)(_t112 + 4))) {
							goto L21;
						}
						_t94 = _t113 + 0x28;
						E6D822280(_t69, _t94);
						if( *(_t113 + 0x5c) == 2) {
							__eflags = _v16;
							if(_v16 == 0) {
								RtlFreeHeap( *( *[fs:0x30] + 0x18), 0,  *(_t113 + 0x58));
								 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
								 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & 0x00000000;
								L8:
								asm("lock inc dword [esi+0x50]");
								 *(_t113 + 0x5c) = 1;
								E6D81FFB0(_t94, _t112, _t94);
								_t123 =  *0x6d8f84cc + 4;
								E6D82FA00(_t94, _t97, _t112,  *0x6d8f84cc + 4);
								while(1) {
									_t95 = 0;
									_t77 = E6D803ACA(0, _t112, _t113, _t112, _t113, _t123, 0);
									_t124 = _t77 - 0xc000022d;
									if(_t77 == 0xc000022d) {
										_t95 = 0xc000022d;
									}
									_t110 = _t113;
									if(E6D803ACA(_t95, _t112, _t113, _t112, _t113, _t124, 1) == 0xc000022d) {
										_t93 = 0xc000022d;
									}
									E6D822280(_t113 + 0x28, _t113 + 0x28);
									_v12 = _v12 + 1;
									_t104 = _t113 + 0x2c;
									_t81 =  *_t104;
									while(_t81 != _t104) {
										 *(_t81 + 0x60) =  *(_t81 + 0x60) & 0x00000000;
										_t81 =  *_t81;
									}
									if( *(_t113 + 0x58) != 0) {
										_t112 =  *(_t113 + 0x58);
										 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
										E6D81FFB0(_t93, _t112, _t113 + 0x28);
										continue;
									}
									if(_t93 != 0) {
										__eflags = _t93 - 0xc000022d;
										if(_t93 == 0xc000022d) {
											 *(_t113 + 0x58) = _t112;
											 *(_t113 + 0x5c) = 2;
											E6D892DA1(_t113);
										}
										L17:
										E6D81FFB0(_t93, _t112, _t113 + 0x28);
										E6D83DE9E(_t113);
										L18:
										if(_v12 > 1) {
											_t113 = 0;
											_t49 = _t112 + 8; // 0x8
											_push(0);
											_push(0);
											_push(_t93);
											_push( *((intOrPtr*)(_t112 + 0x18)));
											_push(_t112);
											E6D84A3A0();
											__eflags = _t93;
											if(_t93 == 0) {
												RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t112);
											}
											_t93 = 0x80;
										}
										return E6D84B640(_t93, _t93, _v8 ^ _t114, _t110, _t112, _t113);
									}
									 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & _t93;
									if( *((intOrPtr*)(_t113 + 0x18)) != _t93) {
										__eflags =  *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18));
										if( *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18)) > 0) {
											goto L16;
										}
										goto L17;
									}
									L16:
									 *((intOrPtr*)(_t113 + 0x18)) =  *((intOrPtr*)(_t112 + 0x10));
									goto L17;
								}
							}
							_push(_t94);
							L27:
							E6D81FFB0(_t94, _t112);
							_t93 = 0x80;
							break;
						}
						if( *(_t113 + 0x5c) == 1) {
							__eflags = _v16;
							_push(_t94);
							if(_v16 != 0) {
								goto L27;
							}
							 *(_t113 + 0x58) = _t112;
							E6D81FFB0(_t94, _t112);
							_t93 = 0x103;
							break;
						}
						goto L8;
					}
				}
				E6D82FA00(_t93, _t97, _t112,  *0x6d8f84cc + 4);
				goto L18;
			}





















                                                                                  0x6d80396d
                                                                                  0x6d80397b
                                                                                  0x6d80397e
                                                                                  0x6d803980
                                                                                  0x6d803982
                                                                                  0x6d803986
                                                                                  0x6d803991
                                                                                  0x6d803994
                                                                                  0x6d803996
                                                                                  0x6d8039a1
                                                                                  0x6d8039a7
                                                                                  0x6d8039aa
                                                                                  0x6d803aa7
                                                                                  0x6d803aa7
                                                                                  0x00000000
                                                                                  0x6d8039c4
                                                                                  0x6d8039c4
                                                                                  0x6d8039ca
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8039d0
                                                                                  0x6d8039d4
                                                                                  0x6d8039dd
                                                                                  0x6d85fffc
                                                                                  0x6d860000
                                                                                  0x6d860020
                                                                                  0x6d860025
                                                                                  0x6d860029
                                                                                  0x6d8039ed
                                                                                  0x6d8039ed
                                                                                  0x6d8039f2
                                                                                  0x6d8039f9
                                                                                  0x6d803a03
                                                                                  0x6d803a07
                                                                                  0x6d803a0c
                                                                                  0x6d803a0c
                                                                                  0x6d803a13
                                                                                  0x6d803a1d
                                                                                  0x6d803a1f
                                                                                  0x6d86004b
                                                                                  0x6d86004b
                                                                                  0x6d803a27
                                                                                  0x6d803a37
                                                                                  0x6d860052
                                                                                  0x6d860052
                                                                                  0x6d803a41
                                                                                  0x6d803a46
                                                                                  0x6d803a49
                                                                                  0x6d803a4c
                                                                                  0x6d803a4e
                                                                                  0x6d803a9f
                                                                                  0x6d803aa3
                                                                                  0x6d803aa3
                                                                                  0x6d803a56
                                                                                  0x6d860059
                                                                                  0x6d86005f
                                                                                  0x6d860064
                                                                                  0x00000000
                                                                                  0x6d860064
                                                                                  0x6d803a5e
                                                                                  0x6d860073
                                                                                  0x6d860075
                                                                                  0x6d86007d
                                                                                  0x6d860080
                                                                                  0x6d860087
                                                                                  0x6d860087
                                                                                  0x6d803a72
                                                                                  0x6d803a76
                                                                                  0x6d803a7d
                                                                                  0x6d803a82
                                                                                  0x6d803a86
                                                                                  0x6d860091
                                                                                  0x6d860093
                                                                                  0x6d860096
                                                                                  0x6d860097
                                                                                  0x6d860098
                                                                                  0x6d860099
                                                                                  0x6d86009c
                                                                                  0x6d86009e
                                                                                  0x6d8600a3
                                                                                  0x6d8600a5
                                                                                  0x6d8600b2
                                                                                  0x6d8600b2
                                                                                  0x6d8600b7
                                                                                  0x6d8600b7
                                                                                  0x6d803a9e
                                                                                  0x6d803a9e
                                                                                  0x6d803a64
                                                                                  0x6d803a6a
                                                                                  0x6d803ac4
                                                                                  0x6d803ac6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d803ac8
                                                                                  0x6d803a6c
                                                                                  0x6d803a6f
                                                                                  0x00000000
                                                                                  0x6d803a6f
                                                                                  0x6d803a0c
                                                                                  0x6d860002
                                                                                  0x6d860003
                                                                                  0x6d860003
                                                                                  0x6d860008
                                                                                  0x00000000
                                                                                  0x6d860008
                                                                                  0x6d8039e7
                                                                                  0x6d860032
                                                                                  0x6d860036
                                                                                  0x6d860037
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d860039
                                                                                  0x6d86003c
                                                                                  0x6d860041
                                                                                  0x00000000
                                                                                  0x6d860041
                                                                                  0x00000000
                                                                                  0x6d8039e7
                                                                                  0x6d8039aa
                                                                                  0x6d803ab7
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlAcquireSRWLockShared.BCCB(?,00000000,00000000,00000000), ref: 6D803986
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,00000000,00000000,00000000), ref: 6D8039D4
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?), ref: 6D8039F9
                                                                                  • RtlReleaseSRWLockShared.BCCB(?,?), ref: 6D803A07
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,00000001,00000000,?,?), ref: 6D803A41
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,?,00000001,00000000,?,?), ref: 6D803A76
                                                                                  • RtlReleaseSRWLockShared.BCCB(?,?,00000000,00000000,00000000), ref: 6D803AB7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Lock$ExclusiveRelease$AcquireShared
                                                                                  • String ID:
                                                                                  • API String ID: 1363392280-0
                                                                                  • Opcode ID: e6e6545e367c24999f9d8f08194024f04bab0d8a09fbeae9002e4f0c7076d663
                                                                                  • Instruction ID: fd3ee9a06c86cb7ffababa96037b3f225fee492f2c3ef6e91a5dff4a2706750b
                                                                                  • Opcode Fuzzy Hash: e6e6545e367c24999f9d8f08194024f04bab0d8a09fbeae9002e4f0c7076d663
                                                                                  • Instruction Fuzzy Hash: 0C517B71614B469FD721EB9AC888F6AB3B8FB4631DF108C2DE14687610DB74E884CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D82A830, Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 350COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 70%
                                                                                  			E6D82A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x6d8f8748 - 1;
					if( *0x6d8f8748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E6D80B150();
									_t260 = _t257 + 4;
								} else {
									E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E6D80B150();
								_t257 = _t260 + 4;
								__eflags =  *0x6d8f7bc8;
								if(__eflags == 0) {
									E6D8C2073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E6D8CA80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E6D85D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E6D82AB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E6D8CA80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E6D8CA80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x6d8f8748 - 1;
					if( *0x6d8f8748 >= 1) {
						_t131 = _t256 + 0x00000fff & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E6D80B150();
							} else {
								E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E6D80B150();
							__eflags =  *0x6d8f7bc8;
							if(__eflags == 0) {
								_t131 = E6D8C2073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                                                                  0x6d82a83a
                                                                                  0x6d82a83c
                                                                                  0x6d82a83e
                                                                                  0x6d82a841
                                                                                  0x6d82a844
                                                                                  0x6d82a84a
                                                                                  0x6d82aa53
                                                                                  0x6d82aa59
                                                                                  0x6d82aa59
                                                                                  0x6d82a858
                                                                                  0x6d82a85e
                                                                                  0x6d82aaf5
                                                                                  0x6d82aafc
                                                                                  0x6d87229e
                                                                                  0x6d8722a2
                                                                                  0x6d8722a8
                                                                                  0x6d8722b3
                                                                                  0x6d8722b5
                                                                                  0x6d8722bb
                                                                                  0x6d8722c1
                                                                                  0x6d8722c5
                                                                                  0x6d8722e6
                                                                                  0x6d8722eb
                                                                                  0x6d8722f0
                                                                                  0x6d8722c7
                                                                                  0x6d8722dc
                                                                                  0x6d8722e1
                                                                                  0x6d8722e1
                                                                                  0x6d8722f3
                                                                                  0x6d8722f8
                                                                                  0x6d8722fd
                                                                                  0x6d872300
                                                                                  0x6d872307
                                                                                  0x6d87230e
                                                                                  0x6d87230e
                                                                                  0x6d872313
                                                                                  0x6d872313
                                                                                  0x6d8722b5
                                                                                  0x6d8722a2
                                                                                  0x6d82aafc
                                                                                  0x6d82a864
                                                                                  0x6d82a869
                                                                                  0x6d82aa5c
                                                                                  0x6d82aa5e
                                                                                  0x6d82a86f
                                                                                  0x6d82a87f
                                                                                  0x6d82a885
                                                                                  0x6d82a885
                                                                                  0x6d82a88b
                                                                                  0x6d82a890
                                                                                  0x6d82a896
                                                                                  0x6d82ab0c
                                                                                  0x6d82ab0f
                                                                                  0x6d82ab15
                                                                                  0x6d872320
                                                                                  0x6d872320
                                                                                  0x6d82ab1b
                                                                                  0x6d82a89c
                                                                                  0x6d82a89f
                                                                                  0x6d82a8a2
                                                                                  0x6d82a8a2
                                                                                  0x6d82a8a5
                                                                                  0x6d82a8af
                                                                                  0x6d82a8b3
                                                                                  0x6d82a8b8
                                                                                  0x6d82aa66
                                                                                  0x6d82a8be
                                                                                  0x6d82a8c5
                                                                                  0x6d82a8c6
                                                                                  0x6d82a8ce
                                                                                  0x6d872328
                                                                                  0x6d872332
                                                                                  0x6d872337
                                                                                  0x6d872337
                                                                                  0x6d82a8ce
                                                                                  0x6d82a8d4
                                                                                  0x6d82a8d8
                                                                                  0x6d82a8db
                                                                                  0x6d82a8de
                                                                                  0x6d82a8e1
                                                                                  0x6d82a8e5
                                                                                  0x6d82a8e8
                                                                                  0x6d82a8f0
                                                                                  0x6d82a8f3
                                                                                  0x6d87234c
                                                                                  0x6d872350
                                                                                  0x6d872355
                                                                                  0x6d872359
                                                                                  0x6d872359
                                                                                  0x6d82a8f9
                                                                                  0x6d82a901
                                                                                  0x6d82aae4
                                                                                  0x6d82aae4
                                                                                  0x6d82aaea
                                                                                  0x00000000
                                                                                  0x6d82a907
                                                                                  0x6d82a90a
                                                                                  0x6d82a91d
                                                                                  0x6d82a91d
                                                                                  0x00000000
                                                                                  0x6d82a910
                                                                                  0x6d82a910
                                                                                  0x6d82a910
                                                                                  0x6d82a914
                                                                                  0x6d82a924
                                                                                  0x6d82a924
                                                                                  0x6d82a924
                                                                                  0x6d82a924
                                                                                  0x6d82a916
                                                                                  0x6d82a91b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d82a91b
                                                                                  0x6d82a925
                                                                                  0x6d82a925
                                                                                  0x6d82a932
                                                                                  0x6d82a936
                                                                                  0x6d82a93c
                                                                                  0x6d82a93c
                                                                                  0x6d82a93c
                                                                                  0x6d82ab22
                                                                                  0x6d82ab24
                                                                                  0x6d82ab27
                                                                                  0x6d82ab27
                                                                                  0x6d82a942
                                                                                  0x6d82a944
                                                                                  0x6d82aaba
                                                                                  0x6d82aabd
                                                                                  0x6d82aac0
                                                                                  0x6d82aac0
                                                                                  0x6d82aac2
                                                                                  0x6d82ab2f
                                                                                  0x6d82aac4
                                                                                  0x6d82aac4
                                                                                  0x6d82aac7
                                                                                  0x6d82aaca
                                                                                  0x6d82aacc
                                                                                  0x6d82aace
                                                                                  0x6d82aace
                                                                                  0x6d82aace
                                                                                  0x6d82aad1
                                                                                  0x6d82aad1
                                                                                  0x6d82aad7
                                                                                  0x6d82aad9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d872361
                                                                                  0x6d872369
                                                                                  0x6d87236b
                                                                                  0x00000000
                                                                                  0x6d872371
                                                                                  0x00000000
                                                                                  0x6d872371
                                                                                  0x00000000
                                                                                  0x6d87236b
                                                                                  0x6d82aac0
                                                                                  0x6d82a94a
                                                                                  0x6d82a94a
                                                                                  0x6d82a94d
                                                                                  0x6d82a94d
                                                                                  0x6d82a950
                                                                                  0x6d82a954
                                                                                  0x6d872376
                                                                                  0x6d872380
                                                                                  0x6d82a95a
                                                                                  0x6d82a95a
                                                                                  0x6d82a95c
                                                                                  0x6d82a95f
                                                                                  0x6d82a961
                                                                                  0x6d82a961
                                                                                  0x6d82a967
                                                                                  0x6d82a96a
                                                                                  0x6d82a972
                                                                                  0x6d82aa02
                                                                                  0x6d82aa06
                                                                                  0x6d82aa10
                                                                                  0x6d82aa16
                                                                                  0x6d82aa16
                                                                                  0x6d82aa1b
                                                                                  0x6d82aa21
                                                                                  0x6d82aa24
                                                                                  0x6d82aa27
                                                                                  0x6d82aa29
                                                                                  0x6d82aa2c
                                                                                  0x6d82aa32
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d82a978
                                                                                  0x6d82a978
                                                                                  0x6d82a97b
                                                                                  0x6d82a981
                                                                                  0x6d82a996
                                                                                  0x6d82a998
                                                                                  0x6d82a99f
                                                                                  0x6d82a9a2
                                                                                  0x6d87238a
                                                                                  0x6d82a9a8
                                                                                  0x6d82a9a8
                                                                                  0x6d82a9a8
                                                                                  0x6d82a9aa
                                                                                  0x6d82a9ad
                                                                                  0x6d82a9b0
                                                                                  0x6d82a9bb
                                                                                  0x6d82a9be
                                                                                  0x6d82a9c7
                                                                                  0x6d82a9c9
                                                                                  0x6d82a9c9
                                                                                  0x6d82a9cc
                                                                                  0x6d82a9d1
                                                                                  0x6d82aa6d
                                                                                  0x6d82aa70
                                                                                  0x6d82aa73
                                                                                  0x6d82aa75
                                                                                  0x6d82aa79
                                                                                  0x6d82aa7e
                                                                                  0x6d82aa82
                                                                                  0x6d82aa8f
                                                                                  0x6d82aa94
                                                                                  0x6d82aa96
                                                                                  0x6d872392
                                                                                  0x6d8723a1
                                                                                  0x6d8723a1
                                                                                  0x6d82aa9c
                                                                                  0x6d82aa9f
                                                                                  0x6d82aaa2
                                                                                  0x6d82aaa2
                                                                                  0x6d82aaa8
                                                                                  0x6d82aaab
                                                                                  0x6d82aaaf
                                                                                  0x00000000
                                                                                  0x6d82aab5
                                                                                  0x00000000
                                                                                  0x6d82aab5
                                                                                  0x6d82a9d7
                                                                                  0x6d82a9d7
                                                                                  0x6d82a9da
                                                                                  0x6d82a9e0
                                                                                  0x6d82a9e3
                                                                                  0x6d82a9e6
                                                                                  0x6d82a9e9
                                                                                  0x6d82a9eb
                                                                                  0x6d82a9fd
                                                                                  0x6d82a9fd
                                                                                  0x00000000
                                                                                  0x6d82a9eb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d82a983
                                                                                  0x6d82a983
                                                                                  0x6d82a983
                                                                                  0x6d82a987
                                                                                  0x6d82a995
                                                                                  0x6d82a995
                                                                                  0x6d82a995
                                                                                  0x6d82a995
                                                                                  0x6d82a989
                                                                                  0x6d82a98e
                                                                                  0x00000000
                                                                                  0x6d82a990
                                                                                  0x00000000
                                                                                  0x6d82a990
                                                                                  0x6d82a98e
                                                                                  0x00000000
                                                                                  0x6d82a983
                                                                                  0x6d82a972
                                                                                  0x6d82a90a
                                                                                  0x6d82aa34
                                                                                  0x6d82aa34
                                                                                  0x6d82aa40
                                                                                  0x6d82aa43
                                                                                  0x6d82aa46
                                                                                  0x6d82aa4d
                                                                                  0x6d8723ab
                                                                                  0x6d8723b2
                                                                                  0x6d8723be
                                                                                  0x6d8723c3
                                                                                  0x6d8723c5
                                                                                  0x6d8723cb
                                                                                  0x6d8723d1
                                                                                  0x6d8723d5
                                                                                  0x6d8723f6
                                                                                  0x6d8723fb
                                                                                  0x6d8723d7
                                                                                  0x6d8723ec
                                                                                  0x6d8723f1
                                                                                  0x6d872403
                                                                                  0x6d872408
                                                                                  0x6d872410
                                                                                  0x6d872417
                                                                                  0x6d872422
                                                                                  0x6d872422
                                                                                  0x6d872417
                                                                                  0x6d8723c5
                                                                                  0x6d8723b2
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,-00000018,?,?,?,?,?,?,?,?,?,6D82A3D0,?,?,-00000018), ref: 6D8722DC
                                                                                  • DbgPrint.BCCB(((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)),?,?,?,?,?,?,?,?,6D82A3D0,?,?,-00000018,?), ref: 6D8722F8
                                                                                  Strings
                                                                                  • HEAP[%wZ]: , xrefs: 6D8722D7, 6D8723E7
                                                                                  • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 6D8722F3
                                                                                  • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 6D872403
                                                                                  • HEAP: , xrefs: 6D8722E6, 6D8723F6
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                  • API String ID: 3558298466-1657114761
                                                                                  • Opcode ID: 7b9ffdacda2b86e87ef895490fe6b1aa14bb759f0f685b574ed503935e8d0e95
                                                                                  • Instruction ID: ec8e8e3241a75b74d4e08c6cf9e0b4b734b1d13ba47a00122770d05220d38c7c
                                                                                  • Opcode Fuzzy Hash: 7b9ffdacda2b86e87ef895490fe6b1aa14bb759f0f685b574ed503935e8d0e95
                                                                                  • Instruction Fuzzy Hash: CBD1D130A04646CFDB15CF69C598BBAB7F1FF49304F118969E86A9B341E334E981CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D840F48, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 188nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 74%
                                                                                  			E6D840F48(signed short* __ecx, long* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed short* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				signed short _v36;
				signed int _v40;
				long* _v48;
				char _v52;
				char _v56;
				char _v57;
				char _v58;
				intOrPtr _v60;
				void* _v64;
				void* _t60;
				void* _t66;
				void* _t69;
				void* _t72;
				intOrPtr _t87;
				char _t93;
				signed int* _t95;
				intOrPtr _t97;
				signed int _t101;
				intOrPtr _t104;
				signed int _t107;
				signed short _t109;
				char _t110;
				intOrPtr _t111;
				intOrPtr* _t114;
				intOrPtr _t116;
				void* _t117;
				signed int _t118;
				void* _t120;

				_t120 = (_t118 & 0xfffffff8) - 0x3c;
				_v48 = __edx;
				_t87 = _a4;
				 *_a8 = 0;
				_t107 =  *__ecx & 0x0000ffff;
				_v52 = 0;
				_v56 = 0;
				_v57 = 0;
				_t101 = _t107;
				_t114 = __ecx[2] + _t101;
				_v40 = __ecx;
				if(_t87 != 0) {
					if(_t101 + 2 > (__ecx[1] & 0x0000ffff)) {
						L28:
						_t60 = 0xc000000d;
						goto L16;
					}
					_t93 = 0;
					if( *_t114 == 0) {
						goto L2;
					}
					goto L28;
				} else {
					_t93 = 0;
					L2:
					if(_t101 == 0) {
						L7:
						_t109 = _t107 - _t101;
						_v32 = _t114;
						_v36 = _t109;
						if((_t109 & 0x0000ffff) != _t109) {
							_t60 = 0xc0000023;
							L16:
							return _t60;
						}
						if(_t87 != 0) {
							_t116 = _v48;
							_v58 = 1;
							_t60 = E6D8410D7( &_v52, _t116, _t87);
						} else {
							_v58 = _t93;
							_t60 = E6D84108B( &_v52);
							_t116 = _v48;
						}
						if(_t60 < 0) {
							goto L16;
						} else {
							_t110 = _v52;
							_v20 =  &_v36;
							_v28 = 0x18;
							_v24 = _t110;
							_v16 = 0x240;
							_v12 = 0;
							_v8 = 0;
							if(_t87 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push( &_v28);
								_push(_t116);
								_push( &_v56);
								_t66 = E6D8496D0();
							} else {
								_push( &_v28);
								_push(_t116);
								_push( &_v56);
								_t66 = E6D849600();
							}
							_t117 = _t66;
							if(_v58 != 0) {
								_push(_t110);
								E6D8495D0();
							}
							if(_t117 >= 0) {
								_t95 =  &_v52;
								_v52 = _v56;
								_t69 = E6D808239(_t95, _v48, _v40);
								_t111 = _v56;
								_t117 = _t69;
								if(_t117 < 0) {
									L24:
									if(_t111 != 0) {
										_push(_t111);
										E6D8495D0();
									}
									goto L15;
								}
								_t104 = _v56;
								if(_v57 != 0 && _t111 == _t104 && _t87 != 0) {
									_push(_t95);
									_v52 = 0;
									_t72 = E6D898372( &_v52, _t104, _v48);
									_t111 = _v60;
									_t117 = _t72;
									if(_t117 >= 0) {
										_t117 = E6D816D30( &_v52, L"FilterFullPath");
										if(_t117 >= 0) {
											_t97 =  *((intOrPtr*)(_t120 + 0x24));
											_push( *(_t97 + 2) & 0x0000ffff);
											_push( *((intOrPtr*)(_t97 + 4)));
											_push(1);
											_push(0);
											_push( &_v52);
											_push(_t111);
											_t117 = E6D849B00();
											if(_t117 >= 0) {
												 *((intOrPtr*)(_t120 + 0x28)) = 1;
												_t117 = E6D816D30( &_v52, L"UseFilter");
												if(_t117 >= 0) {
													_push(4);
													_push(_t120 + 0x28);
													_push(4);
													_push(0);
													_push( &_v52);
													_push(_v60);
													_t117 = E6D849B00();
												}
											}
										}
									}
									_push(_v60);
									E6D8495D0();
								}
								if(_t117 < 0) {
									goto L24;
								} else {
									 *_a8 = _t111;
									goto L15;
								}
							} else {
								L15:
								_t60 = _t117;
								goto L16;
							}
						}
					}
					L3:
					L3:
					if( *((short*)(_t114 - 2)) == 0x5c) {
						_v57 = 1;
					} else {
						goto L4;
					}
					goto L7;
					L4:
					_t114 = _t114 + 0xfffffffe;
					_t101 = _t101;
					if(_t101 != 0) {
						goto L3;
					} else {
						goto L7;
					}
				}
			}






































                                                                                  0x6d840f50
                                                                                  0x6d840f55
                                                                                  0x6d840f5f
                                                                                  0x6d840f63
                                                                                  0x6d840f69
                                                                                  0x6d840f6c
                                                                                  0x6d840f70
                                                                                  0x6d840f74
                                                                                  0x6d840f78
                                                                                  0x6d840f7a
                                                                                  0x6d840f7c
                                                                                  0x6d840f82
                                                                                  0x6d87cc82
                                                                                  0x6d87cc8f
                                                                                  0x6d87cc8f
                                                                                  0x00000000
                                                                                  0x6d87cc8f
                                                                                  0x6d87cc84
                                                                                  0x6d87cc89
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d840f88
                                                                                  0x6d840f88
                                                                                  0x6d840f8a
                                                                                  0x6d840f8c
                                                                                  0x6d840fa5
                                                                                  0x6d840fa5
                                                                                  0x6d840fa7
                                                                                  0x6d840fae
                                                                                  0x6d840fb5
                                                                                  0x6d87cc99
                                                                                  0x6d841029
                                                                                  0x6d84102f
                                                                                  0x6d84102f
                                                                                  0x6d840fbd
                                                                                  0x6d87cca3
                                                                                  0x6d87ccae
                                                                                  0x6d87ccb3
                                                                                  0x6d840fc3
                                                                                  0x6d840fc3
                                                                                  0x6d840fcb
                                                                                  0x6d840fd0
                                                                                  0x6d840fd0
                                                                                  0x6d840fd6
                                                                                  0x00000000
                                                                                  0x6d840fd8
                                                                                  0x6d840fd8
                                                                                  0x6d840fe0
                                                                                  0x6d840fe6
                                                                                  0x6d840fee
                                                                                  0x6d840ff2
                                                                                  0x6d840ffa
                                                                                  0x6d840ffe
                                                                                  0x6d841004
                                                                                  0x6d87ccbd
                                                                                  0x6d87ccbe
                                                                                  0x6d87ccbf
                                                                                  0x6d87ccc0
                                                                                  0x6d87ccc5
                                                                                  0x6d87ccc6
                                                                                  0x6d87cccb
                                                                                  0x6d87cccc
                                                                                  0x6d84100a
                                                                                  0x6d84100e
                                                                                  0x6d84100f
                                                                                  0x6d841014
                                                                                  0x6d841015
                                                                                  0x6d841015
                                                                                  0x6d84101f
                                                                                  0x6d841021
                                                                                  0x6d841077
                                                                                  0x6d841078
                                                                                  0x6d841078
                                                                                  0x6d841025
                                                                                  0x6d841036
                                                                                  0x6d841042
                                                                                  0x6d841046
                                                                                  0x6d84104b
                                                                                  0x6d84104f
                                                                                  0x6d841053
                                                                                  0x6d84107f
                                                                                  0x6d841081
                                                                                  0x6d841083
                                                                                  0x6d841084
                                                                                  0x6d841084
                                                                                  0x00000000
                                                                                  0x6d841081
                                                                                  0x6d84105a
                                                                                  0x6d84105e
                                                                                  0x6d87ccd6
                                                                                  0x6d87cce1
                                                                                  0x6d87cce5
                                                                                  0x6d87ccea
                                                                                  0x6d87ccee
                                                                                  0x6d87ccf2
                                                                                  0x6d87cd03
                                                                                  0x6d87cd07
                                                                                  0x6d87cd09
                                                                                  0x6d87cd11
                                                                                  0x6d87cd12
                                                                                  0x6d87cd19
                                                                                  0x6d87cd1b
                                                                                  0x6d87cd1c
                                                                                  0x6d87cd1d
                                                                                  0x6d87cd23
                                                                                  0x6d87cd27
                                                                                  0x6d87cd32
                                                                                  0x6d87cd40
                                                                                  0x6d87cd44
                                                                                  0x6d87cd46
                                                                                  0x6d87cd4c
                                                                                  0x6d87cd4d
                                                                                  0x6d87cd4f
                                                                                  0x6d87cd54
                                                                                  0x6d87cd55
                                                                                  0x6d87cd5e
                                                                                  0x6d87cd5e
                                                                                  0x6d87cd44
                                                                                  0x6d87cd27
                                                                                  0x6d87cd07
                                                                                  0x6d87cd60
                                                                                  0x6d87cd64
                                                                                  0x6d87cd64
                                                                                  0x6d84106e
                                                                                  0x00000000
                                                                                  0x6d841070
                                                                                  0x6d841073
                                                                                  0x00000000
                                                                                  0x6d841073
                                                                                  0x6d841027
                                                                                  0x6d841027
                                                                                  0x6d841027
                                                                                  0x00000000
                                                                                  0x6d841027
                                                                                  0x6d841025
                                                                                  0x6d840fd6
                                                                                  0x00000000
                                                                                  0x6d840f8e
                                                                                  0x6d840f93
                                                                                  0x6d840fa0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d840f95
                                                                                  0x6d840f95
                                                                                  0x6d840f99
                                                                                  0x6d840f9c
                                                                                  0x00000000
                                                                                  0x6d840f9e
                                                                                  0x00000000
                                                                                  0x6d840f9e
                                                                                  0x6d840f9c

                                                                                  APIs
                                                                                  • ZwOpenKey.BCCB(?,?,00000018), ref: 6D841015
                                                                                  • ZwClose.BCCB(?,?,?,00000018), ref: 6D841078
                                                                                  • ZwClose.BCCB(?,?,?,?,?,00000018), ref: 6D841084
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Close$Open
                                                                                  • String ID: FilterFullPath$UseFilter
                                                                                  • API String ID: 2976201327-4106802152
                                                                                  • Opcode ID: 7df102a91abe1543ee504d4556002fea3bb262dad7ea36b9a81d6d60e299ef79
                                                                                  • Instruction ID: 22767844f939a80f1a75934cd0c944f7ccd7a9fa8f8c5b6ff080d9fc0d45b467
                                                                                  • Opcode Fuzzy Hash: 7df102a91abe1543ee504d4556002fea3bb262dad7ea36b9a81d6d60e299ef79
                                                                                  • Instruction Fuzzy Hash: D961BF7150C35A9BD311CF298448A6FBBE8BFC9758F058D2EF984A7250E731D909CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D883540, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 130nativememoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 75%
                                                                                  			E6D883540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				void _v96;
				char _v352;
				void _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				void _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				void* _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x6d8fd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E6D840BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E6D883706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						memset( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E6D883540;
						memset( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E6D85DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E6D890C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E6D8497C0();
					}
					return E6D84B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E6D883971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E6D883884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					memset( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E6D849650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E6D883787(_a4,  &_v352, _t80);
						}
					}
					RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v1168);
				}
				_push(_v1156);
				E6D8495D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                  0x6d883552
                                                                                  0x6d88355a
                                                                                  0x6d88355d
                                                                                  0x6d883566
                                                                                  0x6d883567
                                                                                  0x6d88357e
                                                                                  0x6d88358f
                                                                                  0x6d8835a1
                                                                                  0x6d8835a5
                                                                                  0x6d88366b
                                                                                  0x6d88366b
                                                                                  0x6d88366d
                                                                                  0x6d883672
                                                                                  0x6d883679
                                                                                  0x6d883685
                                                                                  0x6d88368d
                                                                                  0x6d88369d
                                                                                  0x6d8836a7
                                                                                  0x6d8836b8
                                                                                  0x6d8836c6
                                                                                  0x6d8836c7
                                                                                  0x6d8836dc
                                                                                  0x6d8836e1
                                                                                  0x6d8836e7
                                                                                  0x6d8836e9
                                                                                  0x6d8836e9
                                                                                  0x6d883703
                                                                                  0x6d883703
                                                                                  0x6d8835b5
                                                                                  0x6d8835c0
                                                                                  0x6d8835c4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8835ca
                                                                                  0x6d8835d7
                                                                                  0x6d8835e2
                                                                                  0x6d8835e6
                                                                                  0x6d8835e8
                                                                                  0x6d8835f5
                                                                                  0x6d8835fa
                                                                                  0x6d883603
                                                                                  0x6d883604
                                                                                  0x6d883609
                                                                                  0x6d88360a
                                                                                  0x6d883612
                                                                                  0x6d883613
                                                                                  0x6d88361e
                                                                                  0x6d883622
                                                                                  0x6d883628
                                                                                  0x6d88362f
                                                                                  0x6d88362f
                                                                                  0x6d883636
                                                                                  0x6d883638
                                                                                  0x6d88363b
                                                                                  0x6d883642
                                                                                  0x6d883642
                                                                                  0x6d883636
                                                                                  0x6d883657
                                                                                  0x6d883657
                                                                                  0x6d88365c
                                                                                  0x6d883662
                                                                                  0x6d883669
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlQueryPackageIdentityEx.BCCB(000000FC,?,?,00000000,00000000,00000000,?,?,00000000,?), ref: 6D88359C
                                                                                    • Part of subcall function 6D840BE0: RtlQueryPackageClaims.BCCB(00000000,?,00000000,?,00000000,?,?,00000000,?,00000000,?,00000000,?), ref: 6D840C14
                                                                                  • memset.BCCB(?,00000000,00000050,?,?,000000FC,?,?,00000000,00000000,00000000,?,?,00000000,?), ref: 6D8835F5
                                                                                  • ZwQueryValueKey.BCCB(?,?,00000002,?,00000050,?,?,00000000,?), ref: 6D883619
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,?,?,00000002,?,00000050,?,?,00000000,?), ref: 6D883657
                                                                                  • ZwClose.BCCB(?,?,?,000000FC,?,?,00000000,00000000,00000000,?,?,00000000,?), ref: 6D883662
                                                                                  • memset.BCCB(?,00000000,00000050,000000FC,?,?,00000000,00000000,00000000,?,?,00000000,?), ref: 6D883685
                                                                                  • memset.BCCB(?,00000000,000002CC,?,00000000,?), ref: 6D8836B8
                                                                                  • RtlCaptureContext.BCCB(?,?,?,?,?,00000000,?), ref: 6D8836C7
                                                                                  • RtlReportException.BCCB(060C201E,?,00000002,?,?,?,?,?,00000000,?), ref: 6D8836DC
                                                                                  • ZwTerminateProcess.BCCB(000000FF,060C201E,060C201E,?,00000002,?,?,?,?,?,00000000,?), ref: 6D8836E9
                                                                                    • Part of subcall function 6D883971: ZwOpenKeyEx.BCCB(00000000,00020019,?,00000000,?,00000000), ref: 6D883A81
                                                                                    • Part of subcall function 6D883884: ZwQueryValueKey.BCCB(?,00000000,00000002,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6D8838BF
                                                                                    • Part of subcall function 6D883884: RtlAllocateHeap.BCCB(?,00000008,?,?,00000000,00000002,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6D8838E5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Query$memset$HeapPackageValue$AllocateCaptureClaimsCloseContextExceptionFreeIdentityOpenProcessReportTerminate
                                                                                  • String ID: BinaryHash
                                                                                  • API String ID: 428162740-2202222882
                                                                                  • Opcode ID: b65950ab84f24d7e557bdd96a89af1fd46298483da324e44dd6aedeba6af99c6
                                                                                  • Instruction ID: f1f8032dc232d401945ed092bba3448b64e8ede8a077c048efb4531261677339
                                                                                  • Opcode Fuzzy Hash: b65950ab84f24d7e557bdd96a89af1fd46298483da324e44dd6aedeba6af99c6
                                                                                  • Instruction Fuzzy Hash: 374155F1D0552D9BDB21DA54CC84FEEB77CAF44718F0189A5EB09A7241DB309E888F94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8B64FB, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 125nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 72%
                                                                                  			E6D8B64FB(intOrPtr* __ecx) {
				signed int _v8;
				char _v32;
				short _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char* _v52;
				short _v54;
				void* _v56;
				char* _v60;
				char _v64;
				char* _v68;
				short _v70;
				char _v72;
				char* _v76;
				short _v78;
				void* _v80;
				char* _v84;
				short _v86;
				void* _v88;
				char* _v92;
				short _v94;
				void* _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				char* _v112;
				intOrPtr _v116;
				char _v120;
				char _v124;
				void* __ebx;
				void* __edi;
				void* __esi;
				short _t48;
				short _t49;
				void* _t50;
				short _t51;
				void* _t55;
				void* _t62;
				void* _t77;
				short _t81;
				short _t82;
				intOrPtr* _t83;
				signed int _t85;

				_v8 =  *0x6d8fd360 ^ _t85;
				_t48 = 0x16;
				_t82 = 0x18;
				_t83 = __ecx;
				_v72 = _t48;
				_t77 = 0x10;
				_t49 = 0x12;
				_v86 = _t49;
				_v94 = _t49;
				_t50 = 0xa;
				_v80 = _t50;
				_t51 = 0xc;
				_v78 = _t51;
				_v112 =  &_v64;
				_push( &_v120);
				_v88 = _t77;
				_v96 = _t77;
				_push(1);
				_push( &_v48);
				_v64 = 0x840082;
				_v60 = L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ProductOptions";
				_v70 = _t82;
				_v68 = L"ProductType";
				_v84 = L"LanmanNt";
				_v92 = L"ServerNt";
				_v76 = L"WinNt";
				_v48 = 0;
				_v120 = _t82;
				_v116 = 0;
				_v108 = 0x240;
				_v104 = 0;
				_v100 = 0;
				_t55 = E6D849600();
				_t84 = _t55;
				if(_t55 >= 0) {
					_push( &_v124);
					_push(0x24);
					_push( &_v44);
					_push(2);
					_push( &_v72);
					_push(_v48);
					_t62 = E6D849650();
					_t84 = _t62;
					if(_t62 >= 0) {
						if(_v40 != 1) {
							L10:
							_t84 = 0xc000090b;
						} else {
							_t81 = _v36;
							if(_t81 < 2) {
								goto L10;
							} else {
								_v54 = _t81;
								_v52 =  &_v32;
								_t35 = _t81 - 2; // 0x6d876635
								_v56 = _t35;
								if(RtlEqualUnicodeString( &_v56,  &_v80, 1) == 0) {
									if(RtlEqualUnicodeString( &_v56,  &_v88, 1) == 0) {
										if(RtlEqualUnicodeString( &_v56,  &_v96, 1) == 0) {
											goto L10;
										} else {
											 *_t83 = 3;
										}
									} else {
										 *_t83 = 2;
									}
								} else {
									 *_t83 = 1;
								}
							}
						}
					}
				}
				if(_v48 != 0) {
					_push(_v48);
					E6D8495D0();
				}
				return E6D84B640(_t84, 1, _v8 ^ _t85, _t82, _t83, _t84);
			}















































                                                                                  0x6d8b650a
                                                                                  0x6d8b6512
                                                                                  0x6d8b6515
                                                                                  0x6d8b6518
                                                                                  0x6d8b651a
                                                                                  0x6d8b651e
                                                                                  0x6d8b6521
                                                                                  0x6d8b6524
                                                                                  0x6d8b652a
                                                                                  0x6d8b652f
                                                                                  0x6d8b6532
                                                                                  0x6d8b6536
                                                                                  0x6d8b6537
                                                                                  0x6d8b653e
                                                                                  0x6d8b6544
                                                                                  0x6d8b6545
                                                                                  0x6d8b654c
                                                                                  0x6d8b6552
                                                                                  0x6d8b6553
                                                                                  0x6d8b6554
                                                                                  0x6d8b655b
                                                                                  0x6d8b6562
                                                                                  0x6d8b6566
                                                                                  0x6d8b656d
                                                                                  0x6d8b6574
                                                                                  0x6d8b657b
                                                                                  0x6d8b6582
                                                                                  0x6d8b6585
                                                                                  0x6d8b6588
                                                                                  0x6d8b658b
                                                                                  0x6d8b6592
                                                                                  0x6d8b6595
                                                                                  0x6d8b6598
                                                                                  0x6d8b659d
                                                                                  0x6d8b65a1
                                                                                  0x6d8b65aa
                                                                                  0x6d8b65ab
                                                                                  0x6d8b65b0
                                                                                  0x6d8b65b1
                                                                                  0x6d8b65b6
                                                                                  0x6d8b65b7
                                                                                  0x6d8b65ba
                                                                                  0x6d8b65bf
                                                                                  0x6d8b65c3
                                                                                  0x6d8b65c8
                                                                                  0x6d8b662d
                                                                                  0x6d8b662d
                                                                                  0x6d8b65ca
                                                                                  0x6d8b65ca
                                                                                  0x6d8b65d0
                                                                                  0x00000000
                                                                                  0x6d8b65d2
                                                                                  0x6d8b65d5
                                                                                  0x6d8b65d9
                                                                                  0x6d8b65dc
                                                                                  0x6d8b65df
                                                                                  0x6d8b65f3
                                                                                  0x6d8b6609
                                                                                  0x6d8b6623
                                                                                  0x00000000
                                                                                  0x6d8b6625
                                                                                  0x6d8b6625
                                                                                  0x6d8b6625
                                                                                  0x6d8b660b
                                                                                  0x6d8b660b
                                                                                  0x6d8b660b
                                                                                  0x6d8b65f5
                                                                                  0x6d8b65f5
                                                                                  0x6d8b65f5
                                                                                  0x6d8b65f3
                                                                                  0x6d8b65d0
                                                                                  0x6d8b65c8
                                                                                  0x6d8b65c3
                                                                                  0x6d8b6636
                                                                                  0x6d8b6638
                                                                                  0x6d8b663b
                                                                                  0x6d8b663b
                                                                                  0x6d8b6652

                                                                                  APIs
                                                                                  • ZwOpenKey.BCCB(?,00000001,?,00000124,00000000,00000000), ref: 6D8B6598
                                                                                    • Part of subcall function 6D849600: LdrInitializeThunk.NTDLL(6D80ED52,?,?,?,?,00020019,00000018,?,?,?,?,\Registry\Machine\Software\Policies\Microsoft\MUI\Settings,00000000), ref: 6D84960A
                                                                                  • ZwQueryValueKey.BCCB(?,?,00000002,?,00000024,?,?,00000001,?,00000124,00000000,00000000), ref: 6D8B65BA
                                                                                  • RtlEqualUnicodeString.BCCB(?,?,00000001,?,?,00000002,?,00000024,?,?,00000001,?,00000124,00000000,00000000), ref: 6D8B65EC
                                                                                  • RtlEqualUnicodeString.BCCB(?,?,00000001,?,?,00000001,?,?,00000002,?,00000024,?,?,00000001,?,00000124), ref: 6D8B6602
                                                                                  • ZwClose.BCCB(00000000,?,00000001,?,00000124,00000000,00000000), ref: 6D8B663B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: EqualStringUnicode$CloseInitializeOpenQueryThunkValue
                                                                                  • String ID: LanmanNt$ProductType$ServerNt$WinNt$\Registry\Machine\System\CurrentControlSet\Control\ProductOptions
                                                                                  • API String ID: 1342846649-2051245877
                                                                                  • Opcode ID: 88b778a0a8dca7f4a9d4e9c266e7453bc82793ad419ca7ac25cdb2bd4c2711bb
                                                                                  • Instruction ID: 7d63853e324a0f1e82aaf982f4074de4c119866a433de3ce5bf8cc16210bff9d
                                                                                  • Opcode Fuzzy Hash: 88b778a0a8dca7f4a9d4e9c266e7453bc82793ad419ca7ac25cdb2bd4c2711bb
                                                                                  • Instruction Fuzzy Hash: 57416B72C4420DAEDB10CFE8D989ADEB7B8FF49314F20452AE610BB240E7319909CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8180FC, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 150nativelibraryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 77%
                                                                                  			E6D8180FC(void* __ecx) {
				char _v5;
				char _v12;
				char _v16;
				intOrPtr _v20;
				signed int* _v24;
				char _t41;
				void* _t53;
				void* _t58;
				signed int _t65;
				intOrPtr _t68;
				signed int* _t69;
				signed int _t75;
				void* _t77;
				signed int* _t78;
				intOrPtr _t79;
				void* _t80;
				void* _t81;

				_t77 = __ecx;
				_t79 =  *((intOrPtr*)(__ecx + 0x20));
				if(( *0x6d8f5780 & 0x00000009) != 0) {
					_t31 = _t79 + 0x24; // 0x24
					E6D885510("minkernel\\ntdll\\ldrmap.c", 0x27b, "LdrpMinimalMapModule", 3, "DLL name: %wZ\n", _t31);
					_t81 = _t81 + 0x18;
				}
				_t4 = _t79 + 0x2c; // 0x2c
				_t41 = RtlEqualUnicodeString(_t4, 0x6d7e119c, 1);
				_v5 = _t41;
				_v16 = 0;
				_t65 = 0x800000;
				if(_t41 == 0) {
					_t61 =  *0x6d8f79d8;
					if( *0x6d8f79d8 != 0) {
						_v12 = 0;
						E6D80C600(_t61,  *((intOrPtr*)(_t79 + 0x30)), 4,  &_v12, 4, 0);
						if(_v12 != 0 && E6D89B8D0(0x6d7ee420, 1, 0,  &_v16) >= 0) {
							_t65 = 0x20000000;
						}
					}
				}
				_t68 =  *[fs:0x18];
				 *(_t77 + 0x5c) =  *(_t77 + 0x5c) & 0x00000000;
				_v12 = _t68;
				_v20 =  *((intOrPtr*)(_t68 + 0x14));
				 *((intOrPtr*)(_t68 + 0x14)) =  *((intOrPtr*)(_t79 + 0x28));
				_t75 =  *(_t77 + 0x10) & 0x00800000;
				if(_t75 != 0) {
					_t65 = _t65 | 0x00040000;
				}
				_t15 = _t79 + 0x18; // 0x18
				_t69 = _t15;
				_v24 = _t69;
				_push(2 + (0 | _t75 == 0x00000000) * 2);
				_push(_t65);
				_push(1);
				_push(_t77 + 0x5c);
				_push(0);
				_push(0);
				_push(0);
				_push(_t69);
				_push(0xffffffff);
				_push( *((intOrPtr*)(_t77 + 0xc)));
				_t80 = E6D849780();
				 *((intOrPtr*)(_v12 + 0x14)) = _v20;
				if(_t65 == 0x20000000) {
					E6D89C450(_v16);
				}
				_t53 = _t80 - 0x40000003;
				if(_t53 == 0) {
					L13:
					if( *((intOrPtr*)(_t77 + 0x60)) == 0) {
						if(E6D830548(_t77, 1) == 0) {
							if(_v5 != 0) {
								_t80 = 0xc0000018;
							}
						} else {
							_t80 = 0xc000022d;
						}
					}
				} else {
					_t58 = _t53 - 0xb;
					if(_t58 == 0) {
						_t80 = E6D88A6DE(_t77);
						L8:
						_t78 = _v24;
						if( *_t78 != 0 && (_t80 < 0 || _t80 == 0x4000000e)) {
							_push( *_t78);
							_push(0xffffffff);
							E6D8497A0();
							 *_t78 =  *_t78 & 0x00000000;
						}
						if(( *0x6d8f5780 & 0x00000009) != 0) {
							E6D885510("minkernel\\ntdll\\ldrmap.c", 0x302, "LdrpMinimalMapModule", 4, "Status: 0x%08lx\n", _t80);
						}
						return _t80;
					}
					if(_t58 == 0x28) {
						goto L13;
					}
				}
			}




















                                                                                  0x6d81810e
                                                                                  0x6d818110
                                                                                  0x6d818113
                                                                                  0x6d8699dc
                                                                                  0x6d8699f6
                                                                                  0x6d8699fb
                                                                                  0x6d8699fb
                                                                                  0x6d818120
                                                                                  0x6d818124
                                                                                  0x6d81812b
                                                                                  0x6d81812e
                                                                                  0x6d818131
                                                                                  0x6d818138
                                                                                  0x6d81813a
                                                                                  0x6d818141
                                                                                  0x6d869a06
                                                                                  0x6d869a13
                                                                                  0x6d869a1c
                                                                                  0x6d869a3c
                                                                                  0x6d869a3c
                                                                                  0x6d869a1c
                                                                                  0x6d818141
                                                                                  0x6d818147
                                                                                  0x6d81814e
                                                                                  0x6d818152
                                                                                  0x6d818158
                                                                                  0x6d81815e
                                                                                  0x6d818164
                                                                                  0x6d81816a
                                                                                  0x6d869a46
                                                                                  0x6d869a46
                                                                                  0x6d818172
                                                                                  0x6d818172
                                                                                  0x6d818177
                                                                                  0x6d818184
                                                                                  0x6d818185
                                                                                  0x6d818186
                                                                                  0x6d81818b
                                                                                  0x6d81818e
                                                                                  0x6d81818f
                                                                                  0x6d818190
                                                                                  0x6d818191
                                                                                  0x6d818192
                                                                                  0x6d818194
                                                                                  0x6d81819f
                                                                                  0x6d8181a4
                                                                                  0x6d8181ad
                                                                                  0x6d869a54
                                                                                  0x6d869a54
                                                                                  0x6d8181b5
                                                                                  0x6d8181ba
                                                                                  0x6d8181f4
                                                                                  0x6d8181f8
                                                                                  0x6d818205
                                                                                  0x6d818220
                                                                                  0x6d818222
                                                                                  0x6d818222
                                                                                  0x6d818207
                                                                                  0x6d818207
                                                                                  0x6d818207
                                                                                  0x6d818205
                                                                                  0x6d8181bc
                                                                                  0x6d8181bc
                                                                                  0x6d8181bf
                                                                                  0x6d869a65
                                                                                  0x6d8181ca
                                                                                  0x6d8181ca
                                                                                  0x6d8181d0
                                                                                  0x6d81820e
                                                                                  0x6d818210
                                                                                  0x6d818212
                                                                                  0x6d818217
                                                                                  0x6d818217
                                                                                  0x6d8181e5
                                                                                  0x6d869a83
                                                                                  0x6d869a88
                                                                                  0x6d8181f3
                                                                                  0x6d8181f3
                                                                                  0x6d8181c8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8181c8

                                                                                  APIs
                                                                                  • RtlEqualUnicodeString.BCCB(0000002C,6D7E119C,00000001,?,00000000,?,?,6D817F7A,?,00000000,?,00000060,000014A5,?,00000000,00000024), ref: 6D818124
                                                                                  • ZwMapViewOfSection.BCCB(?,000000FF,00000018,00000000,00000000,00000000,00000000,00000001,00800000,00000000,0000002C,6D7E119C,00000001,?,00000000), ref: 6D818197
                                                                                  • ZwUnmapViewOfSection.BCCB(000000FF,?,?,000000FF,00000018,00000000,00000000,00000000,00000000,00000001,00800000,00000000,0000002C,6D7E119C,00000001), ref: 6D818212
                                                                                  • LdrQueryImageFileKeyOption.BCCB(?,?,00000004,00000000,00000004,00000000,0000002C,6D7E119C,00000001,?,00000000,?,?,6D817F7A,?,00000000), ref: 6D869A13
                                                                                  • RtlAcquirePrivilege.BCCB(6D7EE420,00000001,00000000,?,?,?,00000004,00000000,00000004,00000000,0000002C,6D7E119C,00000001,?,00000000), ref: 6D869A2F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: SectionView$AcquireEqualFileImageOptionPrivilegeQueryStringUnicodeUnmap
                                                                                  • String ID: DLL name: %wZ$LdrpMinimalMapModule$Status: 0x%08lx$minkernel\ntdll\ldrmap.c
                                                                                  • API String ID: 3505501266-1759440706
                                                                                  • Opcode ID: f3d8999b659d220442c8aee114b0e3d6b3a8ffe47c403a9a0dd98bbf5dcf2380
                                                                                  • Instruction ID: 387a567e94b85356360aa5708ea17785e98ede8c1d7887e280a7ee922accb8f7
                                                                                  • Opcode Fuzzy Hash: f3d8999b659d220442c8aee114b0e3d6b3a8ffe47c403a9a0dd98bbf5dcf2380
                                                                                  • Instruction Fuzzy Hash: FF41F57290830ABFEB128B58CD49FBA7BB9FB05364F114D59F910A7182D3709948C7A1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8DF019, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 105memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 38%
                                                                                  			E6D8DF019(intOrPtr __ecx, intOrPtr __edx, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _v32;
				void* _v40;
				void* _v48;
				void* _t39;
				intOrPtr _t55;
				long _t56;
				intOrPtr* _t63;
				intOrPtr _t64;
				void* _t65;

				_v12 = _v12 & 0x00000000;
				_t55 = __edx;
				_t64 = __ecx;
				_v20 = __edx;
				_v24 = __ecx;
				RtlInitUnicodeString( &_v40, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\CommonGlobUserSettings\\");
				_t63 = _a8;
				_t56 = E6D8DF13B(_t64, _t55,  &_v40, _t63,  &_v12);
				if(_t56 >= 0 && _v12 == 2) {
					_t56 = 0;
					_v16 = 0;
					_v8 = 0;
					RtlInitUnicodeString( &_v32, L"RedirectedKey");
					_t39 =  *0x6d7e6cc8( *_t63,  &_v32, 2, 0, 0,  &_v8);
					if(_v8 > 0 && (_t39 == 0xc0000023 || _t39 == 0x80000005)) {
						_t65 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _v8);
						if(_t65 != 0) {
							_push( &_v8);
							_push(_v8);
							_push(_t65);
							_push(2);
							_push( &_v32);
							_push( *_t63);
							if( *0x6d7e6cc8() >= 0 &&  *((intOrPtr*)(_t65 + 4)) == 1) {
								_t22 = _t65 + 0xc; // 0xc
								RtlInitUnicodeString( &_v48, _t22);
								if(E6D8DF13B(_v24, _v20,  &_v48,  &_v16,  &_v12) >= 0) {
									 *0x6d7e6cc4( *_t63);
									 *_t63 = _v16;
								}
							}
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t65);
						}
					}
				}
				return _t56;
			}

















                                                                                  0x6d8df021
                                                                                  0x6d8df030
                                                                                  0x6d8df032
                                                                                  0x6d8df035
                                                                                  0x6d8df038
                                                                                  0x6d8df03b
                                                                                  0x6d8df041
                                                                                  0x6d8df056
                                                                                  0x6d8df05a
                                                                                  0x6d8df072
                                                                                  0x6d8df075
                                                                                  0x6d8df078
                                                                                  0x6d8df07b
                                                                                  0x6d8df08f
                                                                                  0x6d8df098
                                                                                  0x6d8df0c3
                                                                                  0x6d8df0c7
                                                                                  0x6d8df0cc
                                                                                  0x6d8df0cd
                                                                                  0x6d8df0d3
                                                                                  0x6d8df0d4
                                                                                  0x6d8df0d6
                                                                                  0x6d8df0d7
                                                                                  0x6d8df0e1
                                                                                  0x6d8df0e9
                                                                                  0x6d8df0f1
                                                                                  0x6d8df110
                                                                                  0x6d8df114
                                                                                  0x6d8df11d
                                                                                  0x6d8df11d
                                                                                  0x6d8df110
                                                                                  0x6d8df12b
                                                                                  0x6d8df12b
                                                                                  0x6d8df0c7
                                                                                  0x6d8df098
                                                                                  0x6d8df138

                                                                                  APIs
                                                                                  • RtlInitUnicodeString.BCCB(?,\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\,00020019,00000000,00000000,?,00000000,?,?,00020019,?,6D8B6114), ref: 6D8DF03B
                                                                                    • Part of subcall function 6D8DF13B: ZwOpenKey.BCCB(?,00020019,?,?,00020019,00000000), ref: 6D8DF182
                                                                                    • Part of subcall function 6D8DF13B: ZwCreateKey.BCCB(?,00020019,00000018,00000000,00000000,00000000,6D8DF056), ref: 6D8DF19F
                                                                                  • RtlInitUnicodeString.BCCB(00020019,RedirectedKey,?,?,00000000,?,00000000,?,?,00020019,?,6D8B6114), ref: 6D8DF07B
                                                                                  • ZwQueryValueKey.BCCB(?,00020019,00000002,00000000,00000000,?,?,00000000,?,?,00020019,?,6D8B6114), ref: 6D8DF08F
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,?,?,00000000,?,?,00020019,?,6D8B6114), ref: 6D8DF0BE
                                                                                  • ZwQueryValueKey.BCCB(?,00020019,00000002,00000000,?,?,?,?,00000000,?,?,00020019,?,6D8B6114), ref: 6D8DF0D9
                                                                                  • RtlInitUnicodeString.BCCB(?,0000000C,?,00000000,?,?,00020019,?,6D8B6114), ref: 6D8DF0F1
                                                                                  • ZwClose.BCCB(?,?,?,00000002,?,00000000,?,?,00020019,?,6D8B6114), ref: 6D8DF114
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,00000000,?,?,00020019,?,6D8B6114), ref: 6D8DF12B
                                                                                  Strings
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 6D8DF02B
                                                                                  • RedirectedKey, xrefs: 6D8DF06A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitStringUnicode$HeapQueryValue$AllocateCloseCreateFreeOpen
                                                                                  • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                  • API String ID: 1683559675-1388552009
                                                                                  • Opcode ID: 73652dfc3ffc242a779feee530f0fae0324dc22d784cec613b4fc0fb5780331c
                                                                                  • Instruction ID: 21c2b78139b6b6e5e5fc95286ab16f9cd85dbe2a6df73ba716b90c806dd8f83d
                                                                                  • Opcode Fuzzy Hash: 73652dfc3ffc242a779feee530f0fae0324dc22d784cec613b4fc0fb5780331c
                                                                                  • Instruction Fuzzy Hash: A0310871A0114AAFDF51DF94C988EAEBBFCEB18314F104866F605E2250DB30AA45DBA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8040E1, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 51COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 29%
                                                                                  			E6D8040E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E6D80B150();
					} else {
						E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6D80B150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E6D80B150(", passed to %s", _t29);
					}
					_push("\n");
					E6D80B150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x6d8f6378 = 1;
						asm("int3");
						 *0x6d8f6378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                                                                  0x6d8040e6
                                                                                  0x6d8040e8
                                                                                  0x6d8040f1
                                                                                  0x6d86042d
                                                                                  0x6d86044c
                                                                                  0x6d860451
                                                                                  0x6d86042f
                                                                                  0x6d860444
                                                                                  0x6d860449
                                                                                  0x6d86045d
                                                                                  0x6d860466
                                                                                  0x6d86046e
                                                                                  0x6d860474
                                                                                  0x6d860475
                                                                                  0x6d86047a
                                                                                  0x6d86048a
                                                                                  0x6d86048c
                                                                                  0x6d860493
                                                                                  0x6d860494
                                                                                  0x6d860494
                                                                                  0x00000000
                                                                                  0x6d86049b
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,6D8C38D6), ref: 6D860444
                                                                                  • DbgPrint.BCCB(Invalid heap signature for heap at %p,?,?,?,?,?,?,?,6D8C38D6), ref: 6D86045D
                                                                                  • DbgPrint.BCCB(, passed to %s,RtlGetUserInfoHeap,?,?,?,?,?,?,6D8C38D6), ref: 6D86046E
                                                                                  • DbgPrint.BCCB(6D7E6B94,?,?,?,?,?,?,6D8C38D6), ref: 6D86047A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlGetUserInfoHeap
                                                                                  • API String ID: 3558298466-609737958
                                                                                  • Opcode ID: c97b91308e0276a8e79dbcc90867f3a70f47722c7b24af31bfa6bddb66d12b01
                                                                                  • Instruction ID: c5fe191a10737cc5ed486fd331df266fc43ce378fb5cdab7c3300150830bdadf
                                                                                  • Opcode Fuzzy Hash: c97b91308e0276a8e79dbcc90867f3a70f47722c7b24af31bfa6bddb66d12b01
                                                                                  • Instruction Fuzzy Hash: 330120320185C1DED3258B6DE90DF6677B4DB45B78F258C7AF2045B642CB64A540C1B5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D883C93, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 141nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 89%
                                                                                  			E6D883C93(intOrPtr __ecx, wchar_t* __edx, intOrPtr _a4) {
				intOrPtr _v8;
				signed int _v12;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				wchar_t* _v32;
				intOrPtr _v36;
				short _v38;
				void* _v40;
				void* _v48;
				void* _v56;
				void* __ebp;
				wchar_t* _t40;
				long _t43;
				long _t67;
				signed int _t72;
				intOrPtr _t75;
				signed short _t76;
				short _t78;
				intOrPtr _t79;
				void* _t80;
				signed short* _t81;
				intOrPtr _t84;
				void* _t85;
				void* _t89;

				_v12 = _v12 & 0x00000000;
				_t81 = __edx;
				_t79 = __ecx;
				_v24 = __ecx;
				_t40 = wcschr(__edx, 0x3d);
				if(_t40 == 0) {
					L25:
					__eflags = 0;
					return 0;
				}
				 *_t40 = 0;
				_t72 =  *_t81 & 0x0000ffff;
				_t87 = _t72 - 0x53;
				if(_t72 != 0x53) {
					__eflags = _t72 - 0x4f;
					if(_t72 != 0x4f) {
						goto L25;
					}
					_t43 = wcstoul( &(_t40[0]),  &_v32, 0x10);
					_t85 = _t85 + 0xc;
					_v12 = _t43;
					__eflags = _t43;
					if(__eflags == 0) {
						goto L25;
					}
					_t67 = 1;
					L6:
					_t80 = E6D883E74(_t79, _t87);
					if(_t80 == 0) {
						goto L25;
					}
					_t75 = 0;
					_t84 = ( *(_t80 + 0x14) & 0x0000ffff) + 0x18 + _t80;
					_t89 = 0 -  *(_t80 + 6);
					while(1) {
						_v8 = _t75;
						if(_t89 >= 0) {
							break;
						}
						_t78 = 8;
						if( *((intOrPtr*)(_t84 + 0xc)) == 0 ||  *((intOrPtr*)(_t84 + 8)) == 0) {
							L23:
							_t75 = _t75 + 1;
							_t84 = _t84 + 0x28;
							_t89 = _t75 - ( *(_t80 + 6) & 0x0000ffff);
							continue;
						} else {
							if(_t67 != 0) {
								_t21 = _t75 + 1; // 0x2
								__eflags = _v12 - _t21;
								if(_v12 != _t21) {
									L21:
									__eflags = _t67;
									if(_t67 != 0) {
										goto L23;
									}
									L22:
									RtlFreeUnicodeString( &_v48);
									_t75 = _v8;
									goto L23;
								}
								L19:
								_v16 =  *((intOrPtr*)(_t84 + 8));
								_v20 =  *((intOrPtr*)(_t84 + 0xc)) + _v24;
								_push( &_v28);
								_push(_a4);
								_push( &_v16);
								_push( &_v20);
								_push(0xffffffff);
								E6D849A00();
								_push(_v28);
								_push(_v16);
								_push(_v20);
								E6D895720(0x55, 3, "Set 0x%X protection for %p section for %d bytes, old protection 0x%X\n", _a4);
								_t85 = _t85 + 0x1c;
								__eflags = _t67;
								if(_t67 != 0) {
									break;
								}
								_t75 = _v8;
								goto L21;
							}
							_t76 = 0;
							_v36 = _t84;
							_v38 = _t78;
							_v40 = 0;
							while( *((char*)((_t76 & 0x0000ffff) + _t84)) != 0) {
								_t76 = _t76 + 1;
								_v40 = _t76;
								if(_t76 < _t78) {
									continue;
								}
								break;
							}
							if(RtlAnsiStringToUnicodeString( &_v48,  &_v40, 1) < 0) {
								goto L25;
							}
							if(RtlCompareUnicodeString( &_v56,  &_v48, 1) == 0) {
								goto L19;
							}
							goto L22;
						}
					}
					return 1;
				}
				RtlInitUnicodeString( &_v56,  &(_t40[0]));
				_t67 = 0;
				goto L6;
			}





























                                                                                  0x6d883c9b
                                                                                  0x6d883ca2
                                                                                  0x6d883ca4
                                                                                  0x6d883ca9
                                                                                  0x6d883cac
                                                                                  0x6d883cb5
                                                                                  0x6d883e08
                                                                                  0x6d883e08
                                                                                  0x00000000
                                                                                  0x6d883e08
                                                                                  0x6d883cbd
                                                                                  0x6d883cc0
                                                                                  0x6d883cc3
                                                                                  0x6d883cc6
                                                                                  0x6d883cd9
                                                                                  0x6d883cdc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d883cec
                                                                                  0x6d883cf1
                                                                                  0x6d883cf4
                                                                                  0x6d883cf7
                                                                                  0x6d883cf9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d883cff
                                                                                  0x6d883d01
                                                                                  0x6d883d08
                                                                                  0x6d883d0c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d883d1b
                                                                                  0x6d883d1d
                                                                                  0x6d883d1f
                                                                                  0x6d883d23
                                                                                  0x6d883d23
                                                                                  0x6d883d26
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d883d32
                                                                                  0x6d883d33
                                                                                  0x6d883df5
                                                                                  0x6d883df9
                                                                                  0x6d883dfa
                                                                                  0x6d883dfd
                                                                                  0x00000000
                                                                                  0x6d883d43
                                                                                  0x6d883d45
                                                                                  0x6d883d94
                                                                                  0x6d883d97
                                                                                  0x6d883d9a
                                                                                  0x6d883de5
                                                                                  0x6d883de5
                                                                                  0x6d883de7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d883de9
                                                                                  0x6d883ded
                                                                                  0x6d883df2
                                                                                  0x00000000
                                                                                  0x6d883df2
                                                                                  0x6d883d9c
                                                                                  0x6d883d9f
                                                                                  0x6d883da8
                                                                                  0x6d883dae
                                                                                  0x6d883daf
                                                                                  0x6d883db5
                                                                                  0x6d883db9
                                                                                  0x6d883dba
                                                                                  0x6d883dbc
                                                                                  0x6d883dc1
                                                                                  0x6d883dc4
                                                                                  0x6d883dc7
                                                                                  0x6d883dd6
                                                                                  0x6d883ddb
                                                                                  0x6d883dde
                                                                                  0x6d883de0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d883de2
                                                                                  0x00000000
                                                                                  0x6d883de2
                                                                                  0x6d883d47
                                                                                  0x6d883d49
                                                                                  0x6d883d4c
                                                                                  0x6d883d50
                                                                                  0x6d883d54
                                                                                  0x6d883d5d
                                                                                  0x6d883d5f
                                                                                  0x6d883d66
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d883d66
                                                                                  0x6d883d79
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d883d90
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d883d92
                                                                                  0x6d883d33
                                                                                  0x00000000
                                                                                  0x6d883e04
                                                                                  0x6d883cd0
                                                                                  0x6d883cd5
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • wcschr.BCCB(?,0000003D,00000000,?), ref: 6D883CAC
                                                                                  • RtlInitUnicodeString.BCCB(?,-00000002,00000000,?), ref: 6D883CD0
                                                                                  • wcstoul.BCCB(-00000002,?,00000010,00000000,?), ref: 6D883CEC
                                                                                  • RtlAnsiStringToUnicodeString.BCCB(?,?,00000001,00000000,?), ref: 6D883D72
                                                                                  • RtlCompareUnicodeString.BCCB(?,?,00000001,?,?,00000001,00000000,?), ref: 6D883D89
                                                                                  • ZwProtectVirtualMemory.BCCB(000000FF,?,?,00000000,?,00000000,?), ref: 6D883DBC
                                                                                  • DbgPrintEx.BCCB(00000055,00000003,Set 0x%X protection for %p section for %d bytes, old protection 0x%X,00000000,?,?,?,000000FF,?,?,00000000,?,00000000,?), ref: 6D883DD6
                                                                                  • RtlFreeUnicodeString.BCCB(?,00000000,?), ref: 6D883DED
                                                                                  Strings
                                                                                  • Set 0x%X protection for %p section for %d bytes, old protection 0x%X, xrefs: 6D883DCD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: String$Unicode$AnsiCompareFreeInitMemoryPrintProtectVirtualwcschrwcstoul
                                                                                  • String ID: Set 0x%X protection for %p section for %d bytes, old protection 0x%X
                                                                                  • API String ID: 1186784509-1979073566
                                                                                  • Opcode ID: 34a4365cc602b6fa1c8aab8ca2c7ca91d3c747ba60936131b484a0ac05587360
                                                                                  • Instruction ID: d9461545730df09c30569c6ba4eecc1c4f681f6426df11b82158c3266a5ac5b8
                                                                                  • Opcode Fuzzy Hash: 34a4365cc602b6fa1c8aab8ca2c7ca91d3c747ba60936131b484a0ac05587360
                                                                                  • Instruction Fuzzy Hash: D841B572D4420AAADB10CBA8C859BFEB7F8AF04310F51482AF955E3541E736DE45C7A1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D83F0BF, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 137memorynativefileCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 75%
                                                                                  			E6D83F0BF(signed short* __ecx, signed short __edx, void* __eflags, void** _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				char _v44;
				intOrPtr _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v68;
				void* _v72;
				intOrPtr _v76;
				void* _t51;
				signed short _t82;
				short _t84;
				signed int _t91;
				void* _t97;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				void* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E6D824120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t108 = E6D849830();
					RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v44);
						_push( &_v52);
						_push(_v68);
						_t108 = E6D849990();
						if(_t108 < 0) {
							L10:
							_push(_v68);
							E6D8495D0();
							goto L11;
						} else {
							_t109 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								_t97 = _t21;
								 *((intOrPtr*)(_t109 + 4)) = _v76;
								 *_t109 = 1;
								 *(_t109 + 0x10) = _t97;
								 *(_t109 + 0xe) = _t82;
								 *(_t109 + 8) = _v72;
								 *((intOrPtr*)(_t109 + 0x14)) = _v48;
								memcpy(_t97, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *(_t109 + 0x10) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v76);
										E6D8495D0();
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)( *(_t109 + 0x10) + _t100)) = _t84;
										 *((short*)( *(_t109 + 0x10) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}


























                                                                                  0x6d83f0d3
                                                                                  0x6d83f0d9
                                                                                  0x6d83f0e0
                                                                                  0x6d83f0e7
                                                                                  0x6d83f0f2
                                                                                  0x6d83f0f4
                                                                                  0x6d83f0f8
                                                                                  0x6d83f100
                                                                                  0x6d83f108
                                                                                  0x6d83f10d
                                                                                  0x6d83f115
                                                                                  0x6d83f116
                                                                                  0x6d83f11f
                                                                                  0x6d83f123
                                                                                  0x6d83f124
                                                                                  0x6d83f12c
                                                                                  0x6d83f130
                                                                                  0x6d83f144
                                                                                  0x6d83f14b
                                                                                  0x6d83f152
                                                                                  0x6d87bab0
                                                                                  0x6d87bab0
                                                                                  0x6d83f158
                                                                                  0x6d83f158
                                                                                  0x6d83f15a
                                                                                  0x6d83f160
                                                                                  0x6d83f165
                                                                                  0x6d83f166
                                                                                  0x6d83f16f
                                                                                  0x6d83f173
                                                                                  0x6d87baa7
                                                                                  0x6d87baa7
                                                                                  0x6d87baab
                                                                                  0x00000000
                                                                                  0x6d83f179
                                                                                  0x6d83f18d
                                                                                  0x6d83f191
                                                                                  0x6d87baa2
                                                                                  0x00000000
                                                                                  0x6d83f197
                                                                                  0x6d83f19b
                                                                                  0x6d83f19b
                                                                                  0x6d83f1a2
                                                                                  0x6d83f1a9
                                                                                  0x6d83f1af
                                                                                  0x6d83f1b2
                                                                                  0x6d83f1b6
                                                                                  0x6d83f1b9
                                                                                  0x6d83f1c4
                                                                                  0x6d83f1d8
                                                                                  0x6d83f1df
                                                                                  0x6d83f1e3
                                                                                  0x6d83f1eb
                                                                                  0x6d83f1ee
                                                                                  0x6d83f1f4
                                                                                  0x6d83f20f
                                                                                  0x6d87bab7
                                                                                  0x6d87babb
                                                                                  0x6d87bacc
                                                                                  0x6d87bad1
                                                                                  0x6d83f215
                                                                                  0x6d83f218
                                                                                  0x6d83f226
                                                                                  0x6d83f22b
                                                                                  0x00000000
                                                                                  0x6d83f22b
                                                                                  0x6d83f1f6
                                                                                  0x6d83f1f6
                                                                                  0x6d83f1f9
                                                                                  0x6d83f1fb
                                                                                  0x6d83f1fb
                                                                                  0x6d83f1f4
                                                                                  0x6d83f191
                                                                                  0x6d83f173
                                                                                  0x6d83f152
                                                                                  0x6d83f203

                                                                                  APIs
                                                                                  • ZwOpenFile.BCCB(?,?,?,00000021,00100020,?), ref: 6D83F134
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,?,?,?,00000021,00100020,?), ref: 6D83F14B
                                                                                  • ZwQueryVolumeInformationFile.BCCB(00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021,00100020,?), ref: 6D83F16A
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,?,00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021,00100020,?), ref: 6D83F188
                                                                                  • memcpy.BCCB(00000018,00100000,00000000,00000000,?,00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021), ref: 6D83F1C4
                                                                                  • ZwClose.BCCB(00000000,00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021,00100020,?), ref: 6D87BAAB
                                                                                  • ZwClose.BCCB(?,?,?,?,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6D8F79A0,6D8F79A0), ref: 6D87BABB
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000), ref: 6D87BACC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$CloseFileFree$AllocateInformationOpenQueryVolumememcpy
                                                                                  • String ID: @
                                                                                  • API String ID: 3376599671-2766056989
                                                                                  • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                  • Instruction ID: 6c5cf0457069335a2685a947a2da3fab5e718ba9d9d838e35a80a1900a2cedd6
                                                                                  • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                  • Instruction Fuzzy Hash: 2A517971504714ABC321CF59C844A6BBBF8BF48714F018A2EFA9587690E7B4E944CBD1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8B6369, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 113nativefileCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 46%
                                                                                  			E6D8B6369(char* __ecx, intOrPtr* __edx, void* __eflags, intOrPtr* _a4) {
				signed int _v12;
				short _v536;
				char _v540;
				char _v544;
				char _v548;
				intOrPtr _v556;
				char _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				char _v584;
				void* _v592;
				char _v600;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t33;
				char* _t50;
				intOrPtr* _t52;
				intOrPtr* _t63;
				signed int _t65;

				_v12 =  *0x6d8fd360 ^ _t65;
				_t52 = _a4;
				_t63 = __edx;
				_t64 = __ecx;
				_t62 = 0x100;
				if(E6D89CD55( &_v536, 0x100, L"\\SystemRoot\\Globalization\\") < 0) {
					L11:
					_t33 = 0xc0000001;
					L12:
					return E6D84B640(_t33, _t52, _v12 ^ _t65, _t62, _t63, _t64);
				}
				_t64 = 0x100;
				_t62 = 0x100;
				if(E6D8A83B1( &_v536, 0x100, __ecx) < 0) {
					goto L11;
				}
				_t62 = 0x100;
				if(E6D8A83B1( &_v536, 0x100, L".nlp") < 0) {
					goto L11;
				}
				RtlInitUnicodeString( &_v592,  &_v536);
				_v584 = 0x18;
				_push(0);
				_v580 = 0;
				_v576 =  &_v592;
				_push(1);
				_push( &_v600);
				_v572 = 0x40;
				_push( &_v584);
				_push(0x80100000);
				_v568 = 0;
				_push( &_v540);
				_v564 = 0;
				_t64 = E6D849830();
				if(_t64 >= 0) {
					_t62 =  &_v560;
					if(E6D8B60A2(_v540,  &_v560) < 0 || _v556 != 0) {
						_t64 = 0xc0000001;
					} else {
						_push(_v540);
						_push(0x8000000);
						_push(2);
						 *_t52 = _v560;
						_t52 = 0;
						_push(0);
						_push(0);
						_push(0xf0005);
						_push( &_v544);
						_t64 = E6D8499A0();
						if(_t64 >= 0) {
							_push(2);
							_push(0);
							_push(1);
							 *_t63 = 0;
							_push( &_v548);
							_push(0);
							_push(0);
							_push(0);
							_push(_t63);
							_push(0xffffffff);
							_push(_v544);
							_v548 = 0;
							_t50 = E6D849780();
							_push(_v544);
							_t64 = _t50;
							E6D8495D0();
						}
					}
					_push(_v540);
					E6D8495D0();
				}
				_t33 = _t64;
				goto L12;
			}


























                                                                                  0x6d8b637b
                                                                                  0x6d8b637f
                                                                                  0x6d8b6384
                                                                                  0x6d8b6386
                                                                                  0x6d8b638d
                                                                                  0x6d8b639f
                                                                                  0x6d8b64e3
                                                                                  0x6d8b64e3
                                                                                  0x6d8b64e8
                                                                                  0x6d8b64f8
                                                                                  0x6d8b64f8
                                                                                  0x6d8b63a6
                                                                                  0x6d8b63b1
                                                                                  0x6d8b63ba
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8b63c5
                                                                                  0x6d8b63d4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8b63e8
                                                                                  0x6d8b63ef
                                                                                  0x6d8b63f9
                                                                                  0x6d8b6400
                                                                                  0x6d8b6406
                                                                                  0x6d8b6412
                                                                                  0x6d8b6414
                                                                                  0x6d8b641b
                                                                                  0x6d8b6425
                                                                                  0x6d8b6426
                                                                                  0x6d8b6431
                                                                                  0x6d8b6437
                                                                                  0x6d8b6438
                                                                                  0x6d8b6443
                                                                                  0x6d8b6447
                                                                                  0x6d8b6453
                                                                                  0x6d8b6460
                                                                                  0x6d8b64cf
                                                                                  0x6d8b646b
                                                                                  0x6d8b646b
                                                                                  0x6d8b6477
                                                                                  0x6d8b647c
                                                                                  0x6d8b647e
                                                                                  0x6d8b6480
                                                                                  0x6d8b6482
                                                                                  0x6d8b6483
                                                                                  0x6d8b6484
                                                                                  0x6d8b648f
                                                                                  0x6d8b6495
                                                                                  0x6d8b6499
                                                                                  0x6d8b649b
                                                                                  0x6d8b649d
                                                                                  0x6d8b649e
                                                                                  0x6d8b64a6
                                                                                  0x6d8b64a8
                                                                                  0x6d8b64a9
                                                                                  0x6d8b64aa
                                                                                  0x6d8b64ab
                                                                                  0x6d8b64ac
                                                                                  0x6d8b64ad
                                                                                  0x6d8b64af
                                                                                  0x6d8b64b5
                                                                                  0x6d8b64bb
                                                                                  0x6d8b64c0
                                                                                  0x6d8b64c6
                                                                                  0x6d8b64c8
                                                                                  0x6d8b64c8
                                                                                  0x6d8b6499
                                                                                  0x6d8b64d4
                                                                                  0x6d8b64da
                                                                                  0x6d8b64da
                                                                                  0x6d8b64df
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlInitUnicodeString.BCCB(?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000,?), ref: 6D8B63E8
                                                                                  • ZwOpenFile.BCCB(?,80100000,00000018,?,00000001,00000000,?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000,?), ref: 6D8B643E
                                                                                    • Part of subcall function 6D8B60A2: ZwQueryInformationFile.BCCB(?,00000001,?,00000018,00000005,00000000,?,00000001,00000000,?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000), ref: 6D8B60C4
                                                                                  • ZwCreateSection.BCCB(?,000F0005,00000000,00000000,00000002,08000000,?,?,80100000,00000018,?,00000001,00000000,?,?,.nlp), ref: 6D8B6490
                                                                                    • Part of subcall function 6D8499A0: LdrInitializeThunk.NTDLL(6D891A59,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6D8499AA
                                                                                  • ZwMapViewOfSection.BCCB(?,000000FF,00000000,00000000,00000000,00000000,?,00000001,00000000,00000002,?,000F0005,00000000,00000000,00000002,08000000), ref: 6D8B64BB
                                                                                    • Part of subcall function 6D849780: LdrInitializeThunk.NTDLL(6D891A79,?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?,?,00000004), ref: 6D84978A
                                                                                  • ZwClose.BCCB(?,?,000000FF,00000000,00000000,00000000,00000000,?,00000001,00000000,00000002,?,000F0005,00000000,00000000,00000002), ref: 6D8B64C8
                                                                                  • ZwClose.BCCB(?,?,80100000,00000018,?,00000001,00000000,?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000,?), ref: 6D8B64DA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CloseFileInitializeSectionThunk$CreateInformationInitOpenQueryStringUnicodeView
                                                                                  • String ID: .nlp$@$\SystemRoot\Globalization\
                                                                                  • API String ID: 4284092774-2934557456
                                                                                  • Opcode ID: 102213349b80fae7b6798e308d7476aacadf267b60e2982062e1f83ddd4aa06f
                                                                                  • Instruction ID: ba19f5b4b32655c24c7dfb7b12c83856cae82d9dfffe493a822db6b14c8645ef
                                                                                  • Opcode Fuzzy Hash: 102213349b80fae7b6798e308d7476aacadf267b60e2982062e1f83ddd4aa06f
                                                                                  • Instruction Fuzzy Hash: BD414E71D4162D6BDB319A68CC8DFDEB678EB44314F1145E5AA08A7340DB749E84CFA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8337EB, Relevance: 15.3, APIs: 10, Instructions: 269memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 86%
                                                                                  			E6D8337EB(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t98;
				intOrPtr _t102;
				char* _t113;
				signed short _t123;
				signed int _t124;
				signed int _t129;
				intOrPtr* _t133;
				intOrPtr* _t134;
				intOrPtr* _t135;
				intOrPtr* _t139;
				intOrPtr* _t141;
				long _t152;
				void* _t153;
				signed int _t154;
				signed int _t155;
				signed int _t157;
				signed int _t160;
				signed short _t163;
				signed short _t164;
				signed int _t173;
				intOrPtr* _t176;
				short _t178;
				intOrPtr _t179;
				intOrPtr* _t181;
				intOrPtr _t182;
				void* _t183;

				_push(0x50);
				_push(0x6d8dff48);
				E6D85D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t183 - 0x44)) = __ecx;
				 *((intOrPtr*)(_t183 - 0x1c)) = 0xc0000001;
				 *((intOrPtr*)(_t183 - 0x24)) = 0;
				 *((intOrPtr*)(__ecx)) = 0;
				 *(_t183 - 0x2c) = __edx & 0x00000001;
				_t98 =  *[fs:0x30];
				RtlImageNtHeader( *(_t98 + 8));
				if(_t98 == 0) {
					_t178 = 0xc000007b;
					L28:
					return E6D85D0D1(_t178);
				}
				 *((intOrPtr*)(_t183 - 0x38)) =  *((intOrPtr*)(_t98 + 0x60));
				_t179 =  *((intOrPtr*)(_t98 + 0x64));
				 *((intOrPtr*)(_t183 - 0x30)) = _t179;
				_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x208));
				if(_t102 != 0) {
					if(_t179 < _t102) {
						 *((intOrPtr*)(_t183 - 0x30)) = _t102;
					}
				}
				_t181 = RtlAllocateHeap( *( *[fs:0x30] + 0x18),  *0x6d8f84c4 + 0x000c0000 | 0x00000008, 0x120);
				 *((intOrPtr*)(_t183 - 0x20)) = _t181;
				 *((intOrPtr*)(_t183 - 4)) = 0;
				 *((intOrPtr*)(_t183 - 0x40)) = 1;
				if(_t181 == 0) {
					L36:
					_t178 = 0xc0000017;
					 *((intOrPtr*)(_t183 - 0x1c)) = 0xc0000017;
					goto L24;
				} else {
					_t152 =  *0x6d8f84c4 + 0xc0000;
					 *(_t183 - 0x48) = _t152;
					_t153 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t152,  *0x6d8f84c0 * 0x24);
					 *((intOrPtr*)(_t183 - 0x24)) = _t153;
					if(_t153 == 0) {
						_t178 = 0xc0000017;
						 *((intOrPtr*)(_t183 - 0x1c)) = 0xc0000017;
						_t181 =  *((intOrPtr*)(_t183 - 0x20));
						L24:
						 *((intOrPtr*)(_t183 - 4)) = 0xfffffffe;
						 *((intOrPtr*)(_t183 - 0x40)) = 0;
						E6D833B5A(_t107, 0, _t178, _t181);
						if(_t178 < 0) {
							goto L28;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t183 - 0x44)))) = _t181;
						if(E6D827D50() != 0) {
							_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							_t178 =  *((intOrPtr*)(_t183 - 0x1c));
							_t181 =  *((intOrPtr*)(_t183 - 0x20));
						} else {
							_t113 = 0x7ffe0386;
						}
						if( *_t113 != 0) {
							L32:
							E6D8D8BB6(_t181);
						}
						goto L28;
					}
					_t154 = 0;
					 *(_t183 - 0x28) = 0;
					_t182 =  *((intOrPtr*)(_t183 - 0x20));
					_t173 =  *0x6d8f84c0;
					while(_t154 < 3) {
						 *((intOrPtr*)(_t182 + 0x10 + _t154 * 4)) = _t173 * _t154 * 0xc +  *((intOrPtr*)(_t183 - 0x24));
						_t154 = _t154 + 1;
						 *(_t183 - 0x28) = _t154;
					}
					_t155 = 0;
					while(1) {
						 *(_t183 - 0x28) = _t155;
						if(_t155 >= _t173 * 3) {
							break;
						}
						_t141 = _t155 * 0xc +  *((intOrPtr*)(_t183 - 0x24));
						 *((intOrPtr*)(_t141 + 8)) = 0;
						 *((intOrPtr*)(_t141 + 4)) = _t141;
						 *_t141 = _t141;
						_t155 = _t155 + 1;
					}
					_t157 =  *0x6d8f84c4 + 0xc0000;
					 *(_t183 - 0x4c) = _t157;
					_t107 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t157 | 0x00000008, _t173 << 2);
					_t181 =  *((intOrPtr*)(_t183 - 0x20));
					 *(_t181 + 0x1c) = _t107;
					if(_t107 == 0) {
						goto L36;
					}
					_t160 =  *0x6d8f84c4 + 0xc0000;
					 *(_t183 - 0x50) = _t160;
					_t107 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t160 | 0x00000008,  *0x6d8f84c0 * 0xc);
					_t181 =  *((intOrPtr*)(_t183 - 0x20));
					 *(_t181 + 0x20) = _t107;
					if(_t107 == 0) {
						goto L36;
					}
					_t123 =  *0x7ffe03c0;
					 *(_t183 - 0x34) = _t123;
					 *(_t183 - 0x54) = _t123;
					 *(_t181 + 0x100) = _t123;
					_t178 = E6D833B7A(_t181);
					 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
					if(_t178 < 0) {
						goto L24;
					}
					 *((intOrPtr*)(_t181 + 0x104)) = 0xfffffffe;
					 *(_t183 - 0x60) = 0;
					 *((intOrPtr*)(_t183 - 0x5c)) = 0;
					_t163 =  *(_t183 - 0x34);
					_t124 = _t163 & 0x0000ffff;
					 *(_t183 - 0x60) = _t124;
					 *(_t181 + 8) = _t124;
					 *((intOrPtr*)(_t181 + 0xc)) = 0;
					 *_t181 = 1;
					if(_t163 < 4) {
						_t164 = 4;
					} else {
						_t164 = _t163 + 1;
					}
					 *(_t183 - 0x34) = _t164;
					_t49 = _t181 + 0x28; // 0x28
					_push(_t164);
					_push(0);
					_push(0x1f0003);
					_t178 = E6D849F70();
					 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
					if(_t178 < 0) {
						goto L24;
					} else {
						 *((intOrPtr*)(_t183 - 4)) = 1;
						 *((intOrPtr*)(_t183 - 0x3c)) = 1;
						_t129 =  *0x7ffe03c0 << 2;
						if(_t129 < 0x200) {
							_t129 = 0x200;
						}
						_t53 = _t181 + 0x24; // 0x24
						_push( *((intOrPtr*)(_t183 - 0x30)));
						_push( *((intOrPtr*)(_t183 - 0x38)));
						_push(_t129);
						_push(_t181);
						_push(0x6d82c740);
						_push(0xffffffff);
						_push( *((intOrPtr*)(_t181 + 0x28)));
						_push(0);
						_push(0xf00ff);
						_t178 = E6D84A160();
						 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
						if(_t178 < 0) {
							L23:
							 *((intOrPtr*)(_t183 - 4)) = 0;
							 *((intOrPtr*)(_t183 - 0x3c)) = 0;
							_t107 = E6D833B48(_t130, 0, _t178, _t181);
							goto L24;
						} else {
							if( *(_t183 - 0x2c) != 0) {
								_push(4);
								_push(_t183 - 0x2c);
								_push(0xd);
								_push( *((intOrPtr*)(_t181 + 0x24)));
								_t178 = E6D84AE70();
								 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
								if(_t178 < 0) {
									goto L23;
								}
								 *((short*)(_t181 + 0xe6)) =  *(_t183 - 0x2c);
							}
							 *((intOrPtr*)(_t181 + 0x2c)) = 0;
							 *((intOrPtr*)(_t181 + 0xe0)) = 0;
							 *((intOrPtr*)(_t181 + 0x110)) = 0;
							 *((short*)(_t181 + 0xe4)) = 0;
							_t63 = _t181 + 0x30; // 0x30
							_t133 = _t63;
							 *((intOrPtr*)(_t133 + 4)) = _t133;
							 *_t133 = _t133;
							_t65 = _t181 + 0x38; // 0x38
							_t134 = _t65;
							 *((intOrPtr*)(_t134 + 4)) = _t134;
							 *_t134 = _t134;
							_t67 = _t181 + 0x114; // 0x114
							_t135 = _t67;
							 *((intOrPtr*)(_t135 + 4)) = _t135;
							 *_t135 = _t135;
							E6D82F194(_t181, _t183 - 0x58, 0);
							_t181 =  *((intOrPtr*)(_t183 - 0x20));
							 *((intOrPtr*)(_t181 + 0xf0)) =  *((intOrPtr*)(_t183 + 4));
							_t73 = _t181 + 0x40; // 0x40
							_t178 = E6D83196E(_t73, _t181);
							 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
							if(_t178 < 0) {
								goto L23;
							}
							_t178 = 0;
							 *((intOrPtr*)(_t183 - 0x1c)) = 0;
							E6D822280(_t130, 0x6d8f86b4);
							 *((intOrPtr*)(_t183 - 4)) = 2;
							_t77 = _t181 + 0xe8; // 0xe8
							_t139 = _t77;
							_t176 =  *0x6d8f53dc; // 0x6d8f53d8
							if( *_t176 != 0x6d8f53d8) {
								_push(3);
								asm("int 0x29");
								goto L32;
							}
							 *_t139 = 0x6d8f53d8;
							 *((intOrPtr*)(_t139 + 4)) = _t176;
							 *_t176 = _t139;
							 *0x6d8f53dc = _t139;
							 *((intOrPtr*)(_t183 - 4)) = 1;
							_t130 = E6D833B3D();
							goto L23;
						}
					}
				}
			}





























                                                                                  0x6d8337eb
                                                                                  0x6d8337ed
                                                                                  0x6d8337f2
                                                                                  0x6d8337f7
                                                                                  0x6d8337fa
                                                                                  0x6d833803
                                                                                  0x6d833806
                                                                                  0x6d83380b
                                                                                  0x6d83380e
                                                                                  0x6d833817
                                                                                  0x6d83381e
                                                                                  0x6d87615c
                                                                                  0x6d833b0c
                                                                                  0x6d833b13
                                                                                  0x6d833b13
                                                                                  0x6d833827
                                                                                  0x6d83382a
                                                                                  0x6d83382d
                                                                                  0x6d833836
                                                                                  0x6d83383e
                                                                                  0x6d876168
                                                                                  0x6d87616e
                                                                                  0x6d87616e
                                                                                  0x6d876168
                                                                                  0x6d833865
                                                                                  0x6d833867
                                                                                  0x6d83386a
                                                                                  0x6d83386d
                                                                                  0x6d833876
                                                                                  0x6d876176
                                                                                  0x6d876176
                                                                                  0x6d87617b
                                                                                  0x00000000
                                                                                  0x6d83387c
                                                                                  0x6d833882
                                                                                  0x6d833888
                                                                                  0x6d8338a2
                                                                                  0x6d8338a4
                                                                                  0x6d8338a9
                                                                                  0x6d876183
                                                                                  0x6d876188
                                                                                  0x6d87618b
                                                                                  0x6d833ad9
                                                                                  0x6d833ad9
                                                                                  0x6d833ae0
                                                                                  0x6d833ae7
                                                                                  0x6d833aee
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d833af3
                                                                                  0x6d833afc
                                                                                  0x6d876288
                                                                                  0x6d87628d
                                                                                  0x6d876290
                                                                                  0x6d833b02
                                                                                  0x6d833b02
                                                                                  0x6d833b02
                                                                                  0x6d833b0a
                                                                                  0x6d833b71
                                                                                  0x6d833b73
                                                                                  0x6d833b73
                                                                                  0x00000000
                                                                                  0x6d833b0a
                                                                                  0x6d8338af
                                                                                  0x6d8338b1
                                                                                  0x6d8338b4
                                                                                  0x6d8338b7
                                                                                  0x6d8338bd
                                                                                  0x6d8338cd
                                                                                  0x6d8338d1
                                                                                  0x6d8338d2
                                                                                  0x6d8338d2
                                                                                  0x6d8338d7
                                                                                  0x6d8338d9
                                                                                  0x6d8338d9
                                                                                  0x6d8338e1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8338e6
                                                                                  0x6d8338e9
                                                                                  0x6d8338ec
                                                                                  0x6d8338ef
                                                                                  0x6d8338f1
                                                                                  0x6d8338f1
                                                                                  0x6d8338fa
                                                                                  0x6d833900
                                                                                  0x6d833916
                                                                                  0x6d83391b
                                                                                  0x6d83391e
                                                                                  0x6d833923
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d83392f
                                                                                  0x6d833935
                                                                                  0x6d83394d
                                                                                  0x6d833952
                                                                                  0x6d833955
                                                                                  0x6d83395a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d833960
                                                                                  0x6d833965
                                                                                  0x6d833968
                                                                                  0x6d83396b
                                                                                  0x6d833978
                                                                                  0x6d83397a
                                                                                  0x6d83397f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d833985
                                                                                  0x6d83398f
                                                                                  0x6d833992
                                                                                  0x6d833995
                                                                                  0x6d833998
                                                                                  0x6d83399b
                                                                                  0x6d83399e
                                                                                  0x6d8339a1
                                                                                  0x6d8339a4
                                                                                  0x6d8339ad
                                                                                  0x6d876195
                                                                                  0x6d8339b3
                                                                                  0x6d8339b3
                                                                                  0x6d8339b3
                                                                                  0x6d8339b4
                                                                                  0x6d8339b7
                                                                                  0x6d8339ba
                                                                                  0x6d8339bb
                                                                                  0x6d8339bc
                                                                                  0x6d8339c7
                                                                                  0x6d8339c9
                                                                                  0x6d8339ce
                                                                                  0x00000000
                                                                                  0x6d8339d4
                                                                                  0x6d8339d7
                                                                                  0x6d8339da
                                                                                  0x6d8339e2
                                                                                  0x6d8339ec
                                                                                  0x6d8339ee
                                                                                  0x6d8339ee
                                                                                  0x6d8339f0
                                                                                  0x6d8339f3
                                                                                  0x6d8339f6
                                                                                  0x6d8339f9
                                                                                  0x6d8339fa
                                                                                  0x6d8339fb
                                                                                  0x6d833a00
                                                                                  0x6d833a02
                                                                                  0x6d833a05
                                                                                  0x6d833a06
                                                                                  0x6d833a11
                                                                                  0x6d833a13
                                                                                  0x6d833a18
                                                                                  0x6d833aca
                                                                                  0x6d833aca
                                                                                  0x6d833acd
                                                                                  0x6d833ad4
                                                                                  0x00000000
                                                                                  0x6d833a1e
                                                                                  0x6d833a22
                                                                                  0x6d833b14
                                                                                  0x6d833b19
                                                                                  0x6d833b1a
                                                                                  0x6d833b1c
                                                                                  0x6d833b24
                                                                                  0x6d833b26
                                                                                  0x6d833b2b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d833b31
                                                                                  0x6d833b31
                                                                                  0x6d833a28
                                                                                  0x6d833a2b
                                                                                  0x6d833a31
                                                                                  0x6d833a37
                                                                                  0x6d833a3e
                                                                                  0x6d833a3e
                                                                                  0x6d833a41
                                                                                  0x6d833a44
                                                                                  0x6d833a46
                                                                                  0x6d833a46
                                                                                  0x6d833a49
                                                                                  0x6d833a4c
                                                                                  0x6d833a4e
                                                                                  0x6d833a4e
                                                                                  0x6d833a54
                                                                                  0x6d833a57
                                                                                  0x6d833a5f
                                                                                  0x6d833a67
                                                                                  0x6d833a6a
                                                                                  0x6d833a70
                                                                                  0x6d833a7a
                                                                                  0x6d833a7c
                                                                                  0x6d833a81
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d833a83
                                                                                  0x6d833a85
                                                                                  0x6d833a8d
                                                                                  0x6d833a92
                                                                                  0x6d833a99
                                                                                  0x6d833a99
                                                                                  0x6d833a9f
                                                                                  0x6d833aac
                                                                                  0x6d833b6c
                                                                                  0x6d833b6f
                                                                                  0x00000000
                                                                                  0x6d833b6f
                                                                                  0x6d833ab2
                                                                                  0x6d833ab4
                                                                                  0x6d833ab7
                                                                                  0x6d833ab9
                                                                                  0x6d833abe
                                                                                  0x6d833ac5
                                                                                  0x00000000
                                                                                  0x6d833ac5
                                                                                  0x6d833a18
                                                                                  0x6d8339ce

                                                                                  APIs
                                                                                  • RtlImageNtHeader.BCCB(?,6D8DFF48,00000050,6D833E98,?,6D82F900,00000000,00000000,?,?,?,6D8DFEB8,0000001C,6D802C4C,?), ref: 6D833817
                                                                                    • Part of subcall function 6D81B060: RtlImageNtHeaderEx.BCCB(00000001,?,00000000,00000000,?,?,?,6D83381C,?,6D8DFF48,00000050,6D833E98,?,6D82F900,00000000,00000000), ref: 6D81B076
                                                                                  • RtlAllocateHeap.BCCB(?,?,00000120,?,6D8DFF48,00000050,6D833E98,?,6D82F900,00000000,00000000,?,?,?,6D8DFEB8,0000001C), ref: 6D833860
                                                                                  • RtlAllocateHeap.BCCB(?,?,00000000,?,?,00000120,?,6D8DFF48,00000050,6D833E98,?,6D82F900,00000000,00000000), ref: 6D83389D
                                                                                  • RtlAllocateHeap.BCCB(?,?,?,?,?,00000000,?,?,00000120,?,6D8DFF48,00000050,6D833E98,?,6D82F900,00000000), ref: 6D833916
                                                                                  • RtlAllocateHeap.BCCB(?,?,00000000,?,?,?,?,?,00000000,?,?,00000120,?,6D8DFF48,00000050,6D833E98), ref: 6D83394D
                                                                                  • ZwCreateIoCompletion.BCCB(00000028,001F0003,00000000,?), ref: 6D8339C2
                                                                                  • ZwCreateWorkerFactory.BCCB(00000024,000F00FF,00000000,?,000000FF,6D82C740,00000000,7FFE03C0,?,?,00000028,001F0003,00000000,?), ref: 6D833A0C
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F86B4,00000000,00000024,000F00FF,00000000,?,000000FF,6D82C740,00000000,7FFE03C0,?,?,00000028,001F0003,00000000,?), ref: 6D833A8D
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,?,00000000,?,?,?,?,?,00000000,?,?,00000120,?,6D8DFF48,00000050,6D833E98), ref: 6D833AF5
                                                                                  • ZwSetInformationWorkerFactory.BCCB(?,0000000D,00000000,00000004,00000024,000F00FF,00000000,?,000000FF,6D82C740,00000000,7FFE03C0,?,?,00000028,001F0003), ref: 6D833B1F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap$CreateFactoryHeaderImageWorker$AcquireCompletionCurrentExclusiveInformationLockServiceSession
                                                                                  • String ID:
                                                                                  • API String ID: 358453882-0
                                                                                  • Opcode ID: 31039fcf80c92db0e0fd05711686236195fb64e4445441cf22075d5801187c7c
                                                                                  • Instruction ID: 4c23bf3aa6d87b1fdee95919e282ad5289c28a0bc2e52cbd4b40739de7126bdc
                                                                                  • Opcode Fuzzy Hash: 31039fcf80c92db0e0fd05711686236195fb64e4445441cf22075d5801187c7c
                                                                                  • Instruction Fuzzy Hash: 14B155B19046199FCB15CFA9C948BAEBBF4FB49304F12892EE51AEB350D7349901CF90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D82F86D, Relevance: 15.1, APIs: 10, Instructions: 124threadmemoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 93%
                                                                                  			E6D82F86D(void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t31;
				signed int _t40;
				signed int _t45;
				signed int _t46;
				signed int _t48;
				signed int _t50;
				signed int _t53;
				intOrPtr _t60;
				signed int* _t66;
				signed int _t67;
				signed int* _t70;
				void* _t71;

				_t64 = __edx;
				_t61 = __ecx;
				_push(0x1c);
				_push(0x6d8dfeb8);
				E6D85D08C(__ebx, __edi, __esi);
				_t60 = __edx;
				 *((intOrPtr*)(_t71 - 0x28)) = __edx;
				_t70 = __ecx;
				 *((intOrPtr*)(_t71 - 0x2c)) = __ecx;
				_t66 =  *(_t71 + 8);
				if(_t66 == 0 || __ecx == 0 || __edx == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E6D8D88F5(_t60, _t61, _t64, _t66, _t70, __eflags);
					_t31 = 0xc000000d;
					goto L9;
				} else {
					if( *__ecx == 0) {
						L10:
						 *(_t71 - 0x20) =  *(_t71 - 0x20) & 0x00000000;
						_t67 = E6D833E70(_t71 - 0x20, 0);
						 *(_t71 - 0x24) = _t67;
						__eflags = _t67;
						if(_t67 < 0) {
							L24:
							_t31 = _t67;
							L9:
							return E6D85D0D1(_t31);
						}
						E6D822280(_t36, _t60);
						 *(_t71 - 4) = 1;
						__eflags =  *_t70;
						if( *_t70 != 0) {
							asm("lock inc dword [eax]");
							L21:
							 *(_t71 - 4) = 0xfffffffe;
							E6D82F9DD(_t60);
							_t40 =  *(_t71 - 0x20);
							__eflags = _t40;
							if(__eflags != 0) {
								_push(_t40);
								E6D809100(_t60, _t61, _t67, _t70, __eflags);
							}
							__eflags = _t67;
							if(_t67 >= 0) {
								 *( *(_t71 + 8)) =  *_t70;
							}
							goto L24;
						}
						__eflags = _t70 - 0x6d8f86c0;
						if(_t70 != 0x6d8f86c0) {
							__eflags = _t70 - 0x6d8f86b8;
							if(_t70 != 0x6d8f86b8) {
								L20:
								 *_t70 =  *(_t71 - 0x20);
								_t20 = _t71 - 0x20;
								 *_t20 =  *(_t71 - 0x20) & 0x00000000;
								__eflags =  *_t20;
								goto L21;
							}
							E6D835AA0(_t61,  *(_t71 - 0x20), 1);
							_t45 = E6D8095F0( *(_t71 - 0x20), 1);
							L27:
							_t67 = _t45;
							__eflags = _t67;
							 *(_t71 - 0x24) = _t67;
							if(_t67 >= 0) {
								goto L20;
							}
							goto L21;
						}
						_t46 =  *0x6d8f8754;
						__eflags = _t46;
						if(_t46 != 0) {
							E6D835AA0(_t61,  *(_t71 - 0x20), _t46);
						} else {
							_t50 =  *0x7ffe03c0 << 3;
							__eflags = _t50 - 0x300;
							if(_t50 < 0x300) {
								_t50 = 0x300;
							}
							E6D835AA0(0x300,  *(_t71 - 0x20), _t50);
							_t53 =  *0x7ffe03c0 << 2;
							_t61 = 0x180;
							__eflags = _t53 - 0x180;
							if(_t53 < 0x180) {
								_t53 = 0x180;
							}
							E6D845C70( *(_t71 - 0x20), _t53);
						}
						_t48 =  *0x6d8f8750;
						__eflags = _t48;
						if(_t48 != 0) {
							_t45 = E6D80B8F0( *(_t71 - 0x20), _t48);
							goto L27;
						} else {
							goto L20;
						}
					}
					 *((char*)(_t71 - 0x19)) = 0;
					E6D82FAD0(__edx);
					 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
					if( *_t70 != 0) {
						asm("lock inc dword [eax]");
						 *_t66 =  *_t70;
						 *((char*)(_t71 - 0x19)) = 1;
					}
					 *(_t71 - 4) = 0xfffffffe;
					E6D82F9D6(_t60);
					if( *((char*)(_t71 - 0x19)) == 0) {
						goto L10;
					} else {
						_t31 = 0;
						goto L9;
					}
				}
			}















                                                                                  0x6d82f86d
                                                                                  0x6d82f86d
                                                                                  0x6d82f86d
                                                                                  0x6d82f86f
                                                                                  0x6d82f874
                                                                                  0x6d82f879
                                                                                  0x6d82f87b
                                                                                  0x6d82f87e
                                                                                  0x6d82f880
                                                                                  0x6d82f883
                                                                                  0x6d82f888
                                                                                  0x6d8747c9
                                                                                  0x6d8747ce
                                                                                  0x00000000
                                                                                  0x6d82f8b1
                                                                                  0x6d82f8b4
                                                                                  0x6d82f8f1
                                                                                  0x6d82f8f1
                                                                                  0x6d82f900
                                                                                  0x6d82f902
                                                                                  0x6d82f905
                                                                                  0x6d82f907
                                                                                  0x6d82f9a9
                                                                                  0x6d82f9a9
                                                                                  0x6d82f8e9
                                                                                  0x6d82f8ee
                                                                                  0x6d82f8ee
                                                                                  0x6d82f90e
                                                                                  0x6d82f913
                                                                                  0x6d82f91c
                                                                                  0x6d82f91e
                                                                                  0x6d82f9e4
                                                                                  0x6d82f98b
                                                                                  0x6d82f98b
                                                                                  0x6d82f992
                                                                                  0x6d82f997
                                                                                  0x6d82f99a
                                                                                  0x6d82f99c
                                                                                  0x6d82f9e9
                                                                                  0x6d82f9ea
                                                                                  0x6d82f9ea
                                                                                  0x6d82f99e
                                                                                  0x6d82f9a0
                                                                                  0x6d82f9a7
                                                                                  0x6d82f9a7
                                                                                  0x00000000
                                                                                  0x6d82f9a0
                                                                                  0x6d82f924
                                                                                  0x6d82f92a
                                                                                  0x6d82f9b0
                                                                                  0x6d82f9b6
                                                                                  0x6d82f982
                                                                                  0x6d82f985
                                                                                  0x6d82f987
                                                                                  0x6d82f987
                                                                                  0x6d82f987
                                                                                  0x00000000
                                                                                  0x6d82f987
                                                                                  0x6d82f9be
                                                                                  0x6d82f9c6
                                                                                  0x6d82f9cb
                                                                                  0x6d82f9cb
                                                                                  0x6d82f9cd
                                                                                  0x6d82f9cf
                                                                                  0x6d82f9d2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d82f9d4
                                                                                  0x6d82f930
                                                                                  0x6d82f935
                                                                                  0x6d82f937
                                                                                  0x6d8747a3
                                                                                  0x6d82f93d
                                                                                  0x6d82f942
                                                                                  0x6d82f94a
                                                                                  0x6d82f94c
                                                                                  0x6d82f94e
                                                                                  0x6d82f94e
                                                                                  0x6d82f954
                                                                                  0x6d82f95e
                                                                                  0x6d82f961
                                                                                  0x6d82f966
                                                                                  0x6d82f968
                                                                                  0x6d82f96a
                                                                                  0x6d82f96a
                                                                                  0x6d82f970
                                                                                  0x6d82f970
                                                                                  0x6d82f975
                                                                                  0x6d82f97a
                                                                                  0x6d82f97c
                                                                                  0x6d8747b1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d82f97c
                                                                                  0x6d82f8b6
                                                                                  0x6d82f8bb
                                                                                  0x6d82f8c0
                                                                                  0x6d82f8c8
                                                                                  0x6d82f8ca
                                                                                  0x6d82f8cf
                                                                                  0x6d82f8d1
                                                                                  0x6d82f8d1
                                                                                  0x6d82f8d5
                                                                                  0x6d82f8dc
                                                                                  0x6d82f8e5
                                                                                  0x00000000
                                                                                  0x6d82f8e7
                                                                                  0x6d82f8e7
                                                                                  0x00000000
                                                                                  0x6d82f8e7
                                                                                  0x6d82f8e5

                                                                                  APIs
                                                                                  • RtlAcquireSRWLockShared.BCCB(?,?,?,?,6D8DFEB8,0000001C,6D802C4C,?), ref: 6D82F8BB
                                                                                  • TpAllocPool.BCCB(00000000,00000000,?,?,?,6D8DFEB8,0000001C,6D802C4C,?), ref: 6D82F8FB
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,00000000,00000000,?,?,?,6D8DFEB8,0000001C,6D802C4C,?), ref: 6D82F90E
                                                                                  • TpSetPoolMaxThreads.BCCB(00000000,7FFE03C0,?,00000000,00000000,?,?,?,6D8DFEB8,0000001C,6D802C4C,?), ref: 6D82F954
                                                                                  • TpSetPoolMaxThreadsSoftLimit.BCCB(00000000,7FFE03C0,00000000,7FFE03C0,?,00000000,00000000,?,?,?,6D8DFEB8,0000001C,6D802C4C,?), ref: 6D82F970
                                                                                  • TpSetPoolMaxThreads.BCCB(00000000,00000001,?,00000000,00000000,?,?,?,6D8DFEB8,0000001C,6D802C4C,?), ref: 6D82F9BE
                                                                                  • TpSetPoolMinThreads.BCCB(00000000,00000001,00000000,00000001,?,00000000,00000000,?,?,?,6D8DFEB8,0000001C,6D802C4C,?), ref: 6D82F9C6
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Pool$Threads$AcquireLock$AllocExclusiveLimitSharedSoft
                                                                                  • String ID:
                                                                                  • API String ID: 4196657934-0
                                                                                  • Opcode ID: 3dcd85fe2aad206e61e7d44d2bc05e718c112fe63a2ed1ed674387c7ecbbedcf
                                                                                  • Instruction ID: 97024bb6ee8d1edcc6067e18ae89e099a58bfd85bff0eeb2bce05d1f1b4e956c
                                                                                  • Opcode Fuzzy Hash: 3dcd85fe2aad206e61e7d44d2bc05e718c112fe63a2ed1ed674387c7ecbbedcf
                                                                                  • Instruction Fuzzy Hash: 4841B1B1A0420AAFDB118FAEC84CBBDB6B5BF99758F110D19E540E7290D774D880CBD1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D805210, Relevance: 15.1, APIs: 10, Instructions: 107memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 85%
                                                                                  			E6D805210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				void* _t35;
				int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E6D8052A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *(_t31 + 0x28);
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *(_t61 + 0x10);
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E6D8495D0();
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t61);
						}
					} else {
						E6D81EB70(_t54, 0x6d8f79a0);
					}
					return _t52 + 2;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E6D8495D0();
								RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t61);
							}
						} else {
							E6D81EB70(_t54, 0x6d8f79a0);
						}
						return _t52;
					}
					L5:
					_t33 = memcpy(_a8, _t54, _t52);
					if(_t61 == 0) {
						E6D81EB70(_t54, 0x6d8f79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E6D8495D0();
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t35 + _t52)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                                  0x6d805220
                                                                                  0x6d805224
                                                                                  0x6d860d13
                                                                                  0x6d860d16
                                                                                  0x6d860d19
                                                                                  0x6d80522a
                                                                                  0x6d80522a
                                                                                  0x6d80522d
                                                                                  0x6d80522d
                                                                                  0x6d805231
                                                                                  0x6d805235
                                                                                  0x6d805239
                                                                                  0x6d860d5c
                                                                                  0x6d860d62
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d860d6a
                                                                                  0x6d860d7b
                                                                                  0x6d860d7f
                                                                                  0x6d860d81
                                                                                  0x6d860d84
                                                                                  0x6d860d95
                                                                                  0x6d860d95
                                                                                  0x6d860d6c
                                                                                  0x6d860d71
                                                                                  0x6d860d71
                                                                                  0x00000000
                                                                                  0x6d80524a
                                                                                  0x6d80524a
                                                                                  0x6d805250
                                                                                  0x6d860d24
                                                                                  0x6d860d35
                                                                                  0x6d860d39
                                                                                  0x6d860d3b
                                                                                  0x6d860d3e
                                                                                  0x6d860d50
                                                                                  0x6d860d50
                                                                                  0x6d860d26
                                                                                  0x6d860d2b
                                                                                  0x6d860d2b
                                                                                  0x00000000
                                                                                  0x6d860d55
                                                                                  0x6d805256
                                                                                  0x6d80525b
                                                                                  0x6d805265
                                                                                  0x6d860da7
                                                                                  0x6d80526b
                                                                                  0x6d80526e
                                                                                  0x6d805272
                                                                                  0x6d860db1
                                                                                  0x6d860db4
                                                                                  0x6d860dc5
                                                                                  0x6d860dc5
                                                                                  0x6d805272
                                                                                  0x6d805278
                                                                                  0x6d80527e
                                                                                  0x6d80528a
                                                                                  0x6d80528c
                                                                                  0x6d80528d
                                                                                  0x00000000
                                                                                  0x6d805280
                                                                                  0x6d805282
                                                                                  0x6d805288
                                                                                  0x6d80529f
                                                                                  0x6d805292
                                                                                  0x00000000
                                                                                  0x6d805292
                                                                                  0x00000000
                                                                                  0x6d805288
                                                                                  0x6d80527e

                                                                                  APIs
                                                                                    • Part of subcall function 6D8052A5: RtlEnterCriticalSection.BCCB(6D8F79A0,?,00000000,?), ref: 6D8052BF
                                                                                    • Part of subcall function 6D8052A5: RtlLeaveCriticalSection.BCCB(6D8F79A0,6D8F79A0,?,00000000,?), ref: 6D8052DD
                                                                                  • memcpy.BCCB(?,?), ref: 6D80525B
                                                                                  • RtlLeaveCriticalSection.BCCB(6D8F79A0), ref: 6D860D2B
                                                                                  • RtlLeaveCriticalSection.BCCB(6D8F79A0), ref: 6D860D71
                                                                                  • ZwClose.BCCB(?), ref: 6D860D84
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?), ref: 6D860D95
                                                                                  • RtlLeaveCriticalSection.BCCB(6D8F79A0), ref: 6D860DA7
                                                                                  • ZwClose.BCCB(?), ref: 6D860DB4
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?), ref: 6D860DC5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$Leave$CloseFreeHeap$Entermemcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3163955863-0
                                                                                  • Opcode ID: b32f37386d4747ed45cf5018ad72d7522f0c25eb1a0b096beea2496a848e2eb0
                                                                                  • Instruction ID: 705bc6a672bf97d25f0e41de0c587e4a70cdbe5371b1f284c2d5eb16e09d0a63
                                                                                  • Opcode Fuzzy Hash: b32f37386d4747ed45cf5018ad72d7522f0c25eb1a0b096beea2496a848e2eb0
                                                                                  • Instruction Fuzzy Hash: B431233165A646EBD3238B1DCC88B3A73A9FF10774F128F19F5544B5A0DB20E800C7A4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D824120, Relevance: 13.9, APIs: 9, Instructions: 444memoryCOMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 91%
                                                                                  			E6D824120(signed char __ecx, intOrPtr* __edx, signed short* _a4, signed short* _a8, intOrPtr _a12, long* _a16, intOrPtr _a20) {
				signed int _v8;
				signed int _v16;
				signed int _v24;
				char _v532;
				char _v540;
				intOrPtr _v544;
				signed int _v548;
				void* _v552;
				long _v556;
				intOrPtr _v560;
				void* _v564;
				signed char _v568;
				void* _v570;
				long* _v572;
				long _v576;
				signed short* _v580;
				char _v581;
				signed short _v584;
				signed int _v588;
				unsigned int _v596;
				void* _v597;
				void* _v604;
				void* _v605;
				void* _v608;
				void* _v612;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t161;
				signed int _t162;
				char _t163;
				void* _t169;
				void* _t173;
				signed short _t177;
				void* _t181;
				unsigned int _t182;
				struct _EXCEPTION_RECORD _t184;
				signed int _t185;
				signed int _t213;
				void* _t221;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				void* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				long* _t260;
				long _t265;
				signed short* _t269;
				signed short _t271;
				signed char _t272;
				signed short* _t275;
				short* _t282;
				signed short _t283;
				void* _t287;
				signed short _t290;
				short* _t300;
				signed short _t308;
				int _t309;
				int _t311;
				signed short _t312;
				intOrPtr* _t316;
				long _t317;
				void* _t318;
				void* _t320;
				signed short* _t322;
				void* _t323;
				void* _t324;
				void* _t325;
				signed int _t326;
				void* _t327;
				signed int _t328;
				signed int _t330;

				_t330 = (_t328 & 0xfffffff8) - 0x24c;
				_v8 =  *0x6d8fd360 ^ _t330;
				_t157 = _a8;
				_t322 = _a4;
				_t316 = __edx;
				_v548 = __ecx;
				_t306 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *((short*)(__edx)) <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t316;
						_v552 =  *((intOrPtr*)(_t316 + 4));
						_t161 = E6D83F232( &_v556);
						_t317 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t307 = 0x208;
						_t317 = E6D826E30(_t316, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t317 == 0) {
							L68:
							_t323 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t317 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 0, _t317);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_v596 = _t317;
											_t307 = _t317;
											_t317 = E6D826E30(_v572, _t317, _t254, _v580, _t330 + 0x1b,  &_v548);
											if(_t317 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t317;
									 *((short*)(_t330 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t317 < 2) {
										L11:
										if(_t317 < 4 ||  *_t254 == 0 ||  *(_t254 + 2) != 0x3a) {
											_t161 = 5;
										} else {
											if(_t317 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 =  *(_t254 + 4) & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t317 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 =  *(_t254 + 2) & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t317 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 =  *(_t254 + 4) & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t317 < 8) {
																L85:
																_t161 = ((0 | _t317 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 =  *(_t254 + 6) & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M6D8245F8))) {
												case 0:
													_v568 = 0x6d7e1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x6d7e11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t307 =  *_v568 & 0x0000ffff;
									_t265 = _t307 - _v564 + 2 + (_t317 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t323 = 0xc0000106;
									} else {
										if(_t322 != 0) {
											if(_t265 > (_t322[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t323 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t307;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t322) {
												_t323 = 0xc000000d;
											} else {
												L23:
												_t173 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 0, _t265);
												_t269 = _v588;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t323 = 0xc0000017;
												} else {
													_t317 = _v564;
													 *_t269 = 0;
													_t322 = _t269;
													_t269[1] = _v584;
													_t177 =  *_v576 & 0x0000ffff;
													L25:
													_v588 = _t177;
													if(_t177 == 0) {
														L29:
														_t308 =  *_t322 & 0x0000ffff;
													} else {
														_t290 =  *_t322 & 0x0000ffff;
														_v584 = _t290;
														_t311 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + _t311 > (_t322[1] & 0x0000ffff)) {
															_t308 =  *_t322 & 0xffff;
														} else {
															_t221 = _t322[2] + ((_v584 & 0x0000ffff) >> 1) * 2;
															_v584 = _t221;
															memmove(_t221,  *(_v576 + 4), _t311);
															_t330 = _t330 + 0xc;
															_t312 = _v588;
															_t225 =  *_t322 + _t312 & 0x0000ffff;
															 *_t322 = _t225;
															if(_t225 + 1 < (_t322[1] & 0x0000ffff)) {
																 *((short*)(_v584 + ((_t312 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v564 - _v596 + _v596;
													_v588 = _t308;
													_v584 = _t271;
													if(_t271 != 0) {
														_t309 = _t271 & 0x0000ffff;
														_v596 = _t309;
														if(_t309 + (_t308 & 0x0000ffff) <= (_t322[1] & 0x0000ffff)) {
															_t287 = _t322[2] + ((_v588 & 0x0000ffff) >> 1) * 2;
															_v588 = _t287;
															memmove(_t287, _v560 + _v572, _t309);
															_t330 = _t330 + 0xc;
															_t213 =  *_t322 + _v584 & 0x0000ffff;
															 *_t322 = _t213;
															if(_t213 + 1 < (_t322[1] & 0x0000ffff)) {
																 *((short*)(_v588 + (_v596 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v568;
													if(_t272 != 0) {
														 *_t272 = _t322;
													}
													_t307 = 0;
													 *((short*)(_t322[2] + (( *_t322 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v580;
													if(_t275 != 0) {
														_t307 =  *_t275;
														if(_t307 != 0) {
															 *_t275 = ( *_v576 & 0x0000ffff) - _v572 - _t254 + _t307 + _t322[2];
														}
													}
													_t181 = _v552;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v548 == 5) {
															_t182 = E6D8052A5(1);
															_v596 = _t182;
															if(_t182 == 0) {
																E6D81EB70(1, 0x6d8f79a0);
																goto L38;
															} else {
																_t184 = _t182 + 0xc;
																_v568 = _t184;
																_t185 = RtlPrefixUnicodeString(_t184,  &_v564, 1);
																if(_t185 == 0) {
																	_t325 = _v608;
																	goto L97;
																} else {
																	_t307 = _v564;
																	_t282 = ( *_v580 & 0x0000ffff) - _v584 + ( *_v588 & 0x0000ffff) + _t322[2];
																	 *((intOrPtr*)(_t307 + 4)) = _t282;
																	_v596 = _t282;
																	_t326 = _t317 -  *_v580 & 0x0000ffff;
																	 *_t307 = _t326;
																	if( *_t282 == 0x5c) {
																		_t149 = _t326 - 2; // -2
																		_t283 = _t149;
																		 *_t307 = _t283;
																		 *((intOrPtr*)(_t307 + 4)) = _v596 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t325 = _v608;
																	 *(_t307 + 2) = _t185;
																	if((_v568 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t325 + 4)));
																			E6D8495D0();
																			RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t325);
																		}
																	} else {
																		 *(_t307 + 0xc) = _t325;
																		 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t325 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t323 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t254);
									}
									_t169 = _t323;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t318);
					_pop(_t324);
					_pop(_t255);
					return E6D84B640(_t169, _t255, _v16 ^ _t330, _t307, _t318, _t324);
				} else {
					_t300 =  *((intOrPtr*)(__edx + 4));
					if( *_t300 == 0x5c) {
						_t256 =  *(_t300 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t300 + 4)) != 0x3f ||  *((short*)(_t300 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E6D843D43(_t316, _t322, _t157, _v560, _v572, _t306);
								_pop(_t320);
								_pop(_t327);
								_pop(_t257);
								return E6D84B640(_t251, _t257, _v24 ^ _t330, _t322, _t320, _t327);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}



















































































                                                                                  0x6d824128
                                                                                  0x6d824135
                                                                                  0x6d82413c
                                                                                  0x6d824141
                                                                                  0x6d824145
                                                                                  0x6d824147
                                                                                  0x6d82414e
                                                                                  0x6d824151
                                                                                  0x6d824159
                                                                                  0x6d82415c
                                                                                  0x6d824160
                                                                                  0x6d824164
                                                                                  0x6d824168
                                                                                  0x6d82416c
                                                                                  0x6d82417f
                                                                                  0x6d824181
                                                                                  0x6d82446a
                                                                                  0x6d82446a
                                                                                  0x6d82418c
                                                                                  0x6d824195
                                                                                  0x6d824199
                                                                                  0x6d824432
                                                                                  0x6d824439
                                                                                  0x6d82443d
                                                                                  0x6d824442
                                                                                  0x6d824447
                                                                                  0x00000000
                                                                                  0x6d82419f
                                                                                  0x6d8241a3
                                                                                  0x6d8241b9
                                                                                  0x6d8241bd
                                                                                  0x6d8245db
                                                                                  0x6d8245db
                                                                                  0x00000000
                                                                                  0x6d8241c3
                                                                                  0x6d8241c3
                                                                                  0x6d8241ce
                                                                                  0x6d8241d4
                                                                                  0x6d86e138
                                                                                  0x6d86e13e
                                                                                  0x6d86e169
                                                                                  0x6d86e16d
                                                                                  0x6d86e19e
                                                                                  0x6d86e16f
                                                                                  0x6d86e175
                                                                                  0x6d86e179
                                                                                  0x6d86e18f
                                                                                  0x6d86e193
                                                                                  0x00000000
                                                                                  0x6d86e199
                                                                                  0x00000000
                                                                                  0x6d86e199
                                                                                  0x6d86e193
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8241da
                                                                                  0x6d8241da
                                                                                  0x6d8241df
                                                                                  0x6d8241e4
                                                                                  0x6d8241ec
                                                                                  0x6d824203
                                                                                  0x6d824207
                                                                                  0x6d86e1fd
                                                                                  0x6d824222
                                                                                  0x6d824226
                                                                                  0x6d86e1f3
                                                                                  0x6d86e1f3
                                                                                  0x6d82422c
                                                                                  0x6d82422c
                                                                                  0x6d824233
                                                                                  0x6d86e1ed
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d824239
                                                                                  0x6d824239
                                                                                  0x6d824239
                                                                                  0x6d824239
                                                                                  0x6d824233
                                                                                  0x6d824226
                                                                                  0x6d8241ee
                                                                                  0x6d8241ee
                                                                                  0x6d8241f4
                                                                                  0x6d824575
                                                                                  0x6d86e1b1
                                                                                  0x6d86e1b1
                                                                                  0x00000000
                                                                                  0x6d82457b
                                                                                  0x6d82457b
                                                                                  0x6d824582
                                                                                  0x6d86e1ab
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d824588
                                                                                  0x6d824588
                                                                                  0x6d82458c
                                                                                  0x6d86e1c4
                                                                                  0x6d86e1c4
                                                                                  0x00000000
                                                                                  0x6d824592
                                                                                  0x6d824592
                                                                                  0x6d824599
                                                                                  0x6d86e1be
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d82459f
                                                                                  0x6d82459f
                                                                                  0x6d8245a3
                                                                                  0x6d86e1d7
                                                                                  0x6d86e1e4
                                                                                  0x00000000
                                                                                  0x6d8245a9
                                                                                  0x6d8245a9
                                                                                  0x6d8245b0
                                                                                  0x6d86e1d1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8245b6
                                                                                  0x6d8245b6
                                                                                  0x6d8245b6
                                                                                  0x00000000
                                                                                  0x6d8245b6
                                                                                  0x6d8245b0
                                                                                  0x6d8245a3
                                                                                  0x6d824599
                                                                                  0x6d82458c
                                                                                  0x6d824582
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8241f4
                                                                                  0x6d82423e
                                                                                  0x6d824241
                                                                                  0x6d8245c0
                                                                                  0x6d8245c4
                                                                                  0x00000000
                                                                                  0x6d8245ca
                                                                                  0x6d8245ca
                                                                                  0x00000000
                                                                                  0x6d86e207
                                                                                  0x6d86e20f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8245d1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8245ca
                                                                                  0x00000000
                                                                                  0x6d824247
                                                                                  0x6d824247
                                                                                  0x6d824247
                                                                                  0x6d824249
                                                                                  0x6d824249
                                                                                  0x6d824249
                                                                                  0x6d824251
                                                                                  0x6d824251
                                                                                  0x6d824257
                                                                                  0x6d82425f
                                                                                  0x6d82426e
                                                                                  0x6d824270
                                                                                  0x6d82427a
                                                                                  0x6d86e219
                                                                                  0x6d86e219
                                                                                  0x6d824280
                                                                                  0x6d824282
                                                                                  0x6d824456
                                                                                  0x6d8245ea
                                                                                  0x00000000
                                                                                  0x6d8245f0
                                                                                  0x6d86e223
                                                                                  0x00000000
                                                                                  0x6d86e223
                                                                                  0x6d82445c
                                                                                  0x6d82445c
                                                                                  0x00000000
                                                                                  0x6d82445c
                                                                                  0x00000000
                                                                                  0x6d824288
                                                                                  0x6d82428c
                                                                                  0x6d86e298
                                                                                  0x6d824292
                                                                                  0x6d824292
                                                                                  0x6d82429e
                                                                                  0x6d8242a3
                                                                                  0x6d8242a7
                                                                                  0x6d8242ac
                                                                                  0x6d86e22d
                                                                                  0x6d8242b2
                                                                                  0x6d8242b2
                                                                                  0x6d8242b9
                                                                                  0x6d8242bc
                                                                                  0x6d8242c2
                                                                                  0x6d8242ca
                                                                                  0x6d8242cd
                                                                                  0x6d8242cd
                                                                                  0x6d8242d4
                                                                                  0x6d82433f
                                                                                  0x6d82433f
                                                                                  0x6d8242d6
                                                                                  0x6d8242d6
                                                                                  0x6d8242d9
                                                                                  0x6d8242dd
                                                                                  0x6d8242eb
                                                                                  0x6d86e23a
                                                                                  0x6d8242f1
                                                                                  0x6d8242fe
                                                                                  0x6d824305
                                                                                  0x6d82430d
                                                                                  0x6d824315
                                                                                  0x6d824318
                                                                                  0x6d82431f
                                                                                  0x6d824322
                                                                                  0x6d82432e
                                                                                  0x6d82433b
                                                                                  0x6d82433b
                                                                                  0x00000000
                                                                                  0x6d82432e
                                                                                  0x6d8242eb
                                                                                  0x6d82434c
                                                                                  0x6d82434e
                                                                                  0x6d824352
                                                                                  0x6d824359
                                                                                  0x6d82435e
                                                                                  0x6d824361
                                                                                  0x6d82436e
                                                                                  0x6d82437d
                                                                                  0x6d82438a
                                                                                  0x6d82438e
                                                                                  0x6d824396
                                                                                  0x6d82439e
                                                                                  0x6d8243a1
                                                                                  0x6d8243ad
                                                                                  0x6d8243bb
                                                                                  0x6d8243bb
                                                                                  0x6d8243ad
                                                                                  0x6d82436e
                                                                                  0x6d8243bf
                                                                                  0x6d8243c5
                                                                                  0x6d824463
                                                                                  0x6d824463
                                                                                  0x6d8243ce
                                                                                  0x6d8243d5
                                                                                  0x6d8243d9
                                                                                  0x6d8243df
                                                                                  0x6d824475
                                                                                  0x6d824479
                                                                                  0x6d824491
                                                                                  0x6d824491
                                                                                  0x6d824479
                                                                                  0x6d8243e5
                                                                                  0x6d8243eb
                                                                                  0x6d8243f4
                                                                                  0x6d8243f6
                                                                                  0x6d8243f9
                                                                                  0x6d8243fc
                                                                                  0x6d8243ff
                                                                                  0x6d8244e8
                                                                                  0x6d8244ed
                                                                                  0x6d8244f3
                                                                                  0x6d86e247
                                                                                  0x00000000
                                                                                  0x6d8244f9
                                                                                  0x6d8244ff
                                                                                  0x6d824504
                                                                                  0x6d824508
                                                                                  0x6d82450f
                                                                                  0x6d86e269
                                                                                  0x00000000
                                                                                  0x6d824515
                                                                                  0x6d824519
                                                                                  0x6d824531
                                                                                  0x6d824534
                                                                                  0x6d824537
                                                                                  0x6d82453e
                                                                                  0x6d824541
                                                                                  0x6d82454a
                                                                                  0x6d86e255
                                                                                  0x6d86e255
                                                                                  0x6d86e25b
                                                                                  0x6d86e25e
                                                                                  0x6d86e261
                                                                                  0x6d86e261
                                                                                  0x6d824555
                                                                                  0x6d824559
                                                                                  0x6d82455d
                                                                                  0x6d86e26d
                                                                                  0x6d86e270
                                                                                  0x6d86e274
                                                                                  0x6d86e27a
                                                                                  0x6d86e27d
                                                                                  0x6d86e28e
                                                                                  0x6d86e28e
                                                                                  0x6d824563
                                                                                  0x6d824563
                                                                                  0x6d824569
                                                                                  0x6d824569
                                                                                  0x00000000
                                                                                  0x6d82455d
                                                                                  0x6d82450f
                                                                                  0x00000000
                                                                                  0x6d8244f3
                                                                                  0x6d8243ff
                                                                                  0x6d824405
                                                                                  0x6d824405
                                                                                  0x6d824405
                                                                                  0x6d8242ac
                                                                                  0x6d82428c
                                                                                  0x6d824282
                                                                                  0x6d824407
                                                                                  0x6d82440d
                                                                                  0x6d86e2af
                                                                                  0x6d86e2af
                                                                                  0x6d824413
                                                                                  0x6d824413
                                                                                  0x00000000
                                                                                  0x6d8241d4
                                                                                  0x00000000
                                                                                  0x6d8241c3
                                                                                  0x6d8241bd
                                                                                  0x6d824415
                                                                                  0x6d824415
                                                                                  0x6d824416
                                                                                  0x6d824417
                                                                                  0x6d824429
                                                                                  0x6d82416e
                                                                                  0x6d82416e
                                                                                  0x6d824175
                                                                                  0x6d824498
                                                                                  0x6d82449f
                                                                                  0x6d86e12d
                                                                                  0x00000000
                                                                                  0x6d86e133
                                                                                  0x00000000
                                                                                  0x6d86e133
                                                                                  0x6d8244a5
                                                                                  0x6d8244a5
                                                                                  0x6d8244aa
                                                                                  0x00000000
                                                                                  0x6d8244bb
                                                                                  0x6d8244ca
                                                                                  0x6d8244d6
                                                                                  0x6d8244d7
                                                                                  0x6d8244d8
                                                                                  0x6d8244e3
                                                                                  0x6d8244e3
                                                                                  0x6d8244aa
                                                                                  0x6d82417b
                                                                                  0x6d82417b
                                                                                  0x6d82417b
                                                                                  0x00000000
                                                                                  0x6d82417b
                                                                                  0x6d824175
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,?,?,00000000,?,?), ref: 6D82429E
                                                                                  • memmove.BCCB(?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 6D82430D
                                                                                  • memmove.BCCB(?,?,?,?,00000000,?,?,00000000,?,?), ref: 6D82438E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memmove$AllocateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 1771830547-0
                                                                                  • Opcode ID: 2012c1e43e91bea9eb8741dddb782b9bcd90472b359df2865d823b32a8880f2e
                                                                                  • Instruction ID: 8da03bc58ecf4fd1e92656ceaaf152c5a7a17224e7d935cc280856bf1bcb7ba8
                                                                                  • Opcode Fuzzy Hash: 2012c1e43e91bea9eb8741dddb782b9bcd90472b359df2865d823b32a8880f2e
                                                                                  • Instruction Fuzzy Hash: 0FF169706082528BC715CF59C888A3AB7F5FF99714F118D2EF895CB290E734D985CBA2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D834D3B, Relevance: 13.6, APIs: 9, Instructions: 131nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 78%
                                                                                  			E6D834D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				void _v176;
				char _v177;
				long _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t42;
				void* _t44;
				long _t46;
				intOrPtr _t50;
				long _t56;
				void* _t57;
				int _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x6d8fd360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				memset( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x6d8f7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E6D84B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t57);
						}
						_v177 = 1;
						_t44 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = RtlNtStatusToDosError(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E6D84B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E6D84F380(_t67 + 0xc, 0x6d7e5138, 0x10) == 0) {
								 *0x6d8f60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E6D834F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				_t56 = E6D834E70(0x6d8f86b0, 0x6d835690, 0, 0);
				if(_t56 != 0) {
					_t46 = RtlNtStatusToDosError(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}





















                                                                                  0x6d834d3b
                                                                                  0x6d834d4d
                                                                                  0x6d834d53
                                                                                  0x6d834d58
                                                                                  0x6d834d65
                                                                                  0x6d834d6c
                                                                                  0x6d834d71
                                                                                  0x6d834d77
                                                                                  0x6d834d7f
                                                                                  0x6d834d8c
                                                                                  0x6d834d8e
                                                                                  0x6d834dad
                                                                                  0x6d834db0
                                                                                  0x6d834db7
                                                                                  0x6d834db8
                                                                                  0x6d834db9
                                                                                  0x6d834dba
                                                                                  0x6d834dbb
                                                                                  0x6d834dc1
                                                                                  0x6d834dc8
                                                                                  0x6d834dcc
                                                                                  0x6d834dd5
                                                                                  0x6d834dde
                                                                                  0x6d834ddf
                                                                                  0x6d834de0
                                                                                  0x6d834de1
                                                                                  0x6d834de6
                                                                                  0x6d834de7
                                                                                  0x6d834de9
                                                                                  0x6d834df3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d876c7c
                                                                                  0x6d876c8a
                                                                                  0x6d876c8a
                                                                                  0x6d876c9d
                                                                                  0x6d876ca7
                                                                                  0x6d876cac
                                                                                  0x6d876cb2
                                                                                  0x6d876cb9
                                                                                  0x00000000
                                                                                  0x6d876cbf
                                                                                  0x6d876cbf
                                                                                  0x00000000
                                                                                  0x6d876cbf
                                                                                  0x6d876cb9
                                                                                  0x6d834dfb
                                                                                  0x6d876ccf
                                                                                  0x6d876cd3
                                                                                  0x6d834e32
                                                                                  0x6d834e39
                                                                                  0x6d876ce0
                                                                                  0x6d876cf2
                                                                                  0x6d876cf2
                                                                                  0x6d876ce0
                                                                                  0x6d834e3f
                                                                                  0x6d834e41
                                                                                  0x6d834e51
                                                                                  0x6d834e51
                                                                                  0x6d834e03
                                                                                  0x6d834e03
                                                                                  0x6d834e09
                                                                                  0x6d834e0f
                                                                                  0x6d834e57
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d834e1b
                                                                                  0x6d834e30
                                                                                  0x6d834e5b
                                                                                  0x6d834e5b
                                                                                  0x00000000
                                                                                  0x6d834e30
                                                                                  0x6d834e11
                                                                                  0x6d834e11
                                                                                  0x6d834e16
                                                                                  0x00000000
                                                                                  0x6d834e16
                                                                                  0x6d834e01
                                                                                  0x00000000
                                                                                  0x6d834e01
                                                                                  0x6d834d9e
                                                                                  0x6d834da5
                                                                                  0x6d876c6b
                                                                                  0x00000000
                                                                                  0x6d834dab
                                                                                  0x6d834dab
                                                                                  0x00000000
                                                                                  0x6d834dab

                                                                                  APIs
                                                                                  • memset.BCCB(?,00000000,000000A0,00000000,00000000,00000024), ref: 6D834D77
                                                                                  • RtlRunOnceExecuteOnce.BCCB(6D8F86B0,6D835690,00000000,00000000,00000000,00000000,00000024), ref: 6D834D9E
                                                                                  • ZwTraceControl.BCCB(0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6D834DE9
                                                                                  • memcmp.BCCB(?,6D7E5138,00000010,0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6D834E26
                                                                                  • RtlNtStatusToDosError.BCCB(00000000,6D8F86B0,6D835690,00000000,00000000,00000000,00000000,00000024), ref: 6D876C6B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Once$ControlErrorExecuteStatusTracememcmpmemset
                                                                                  • String ID:
                                                                                  • API String ID: 1949686928-0
                                                                                  • Opcode ID: 728d4eb119a1ea7858dc7a172c6fea99d468932d8e4d6c862e88f797cc840cdc
                                                                                  • Instruction ID: 24663bd1758ed48cc1359489a9a974ddc14c34ff3c4910b97cfab6e16e60b58e
                                                                                  • Opcode Fuzzy Hash: 728d4eb119a1ea7858dc7a172c6fea99d468932d8e4d6c862e88f797cc840cdc
                                                                                  • Instruction Fuzzy Hash: 6A410A71A44328AFEB21CF58CC88F6AB7B5EB89714F024899F94997281D771DD40CBD1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D834BAD, Relevance: 13.6, APIs: 9, Instructions: 131memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 84%
                                                                                  			E6D834BAD(long __ecx, void* __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				long _v28;
				intOrPtr _v32;
				char _v36;
				void _v156;
				short _v158;
				intOrPtr _v160;
				long _v164;
				long _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				void* _t84;
				void* _t85;
				long _t86;
				int _t87;
				long _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x6d8fd360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E6D80CC50(_t86);
					L11:
					return E6D84B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0 || _t45 !=  *((intOrPtr*)(_t77 + 0x34))) {
					goto L22;
				} else {
					_t9 = _t77 + 0x24; // 0x6d8f8504
					E6D822280(_t9, _t9);
					_t87 = 0x78;
					 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
					memset( &_v156, 0, _t87);
					_t85 =  &_v156;
					_v36 =  *((intOrPtr*)(_t77 + 0x30));
					_v28 = _v168;
					_v32 = 0;
					_v24 = 0;
					_v20 = _v158;
					_v160 = 0;
					while(1) {
						_push( &_v164);
						_push(_t87);
						_push(_t85);
						_push(0x18);
						_push( &_v36);
						_push(0x1e);
						_t88 = E6D84B0B0();
						if(_t88 != 0xc0000023) {
							break;
						}
						if(_t85 !=  &_v156) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t85);
						}
						_t84 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _v164);
						_v168 = _v164;
						if(_t84 == 0) {
							_t88 = 0xc0000017;
							goto L19;
						} else {
							_t74 = _v160 + 1;
							_v160 = _t74;
							if(_t74 >= 0x10) {
								L19:
								_t86 = RtlNtStatusToDosError(_t88);
								if(_t86 != 0) {
									L8:
									 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
									_t30 = _t77 + 0x24; // 0x6d8f8504
									E6D81FFB0(_t77, _t84, _t30);
									if(_t84 != 0 && _t84 !=  &_v156) {
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t84);
									}
									if(_t86 != 0) {
										goto L12;
									} else {
										goto L11;
									}
								}
								L6:
								 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
								if(_v164 != 0) {
									_t83 = _t84;
									E6D834F49(_t77, _t84);
								}
								goto L8;
							}
							_t87 = _v168;
							continue;
						}
					}
					if(_t88 != 0) {
						goto L19;
					}
					goto L6;
				}
			}


























                                                                                  0x6d834bad
                                                                                  0x6d834bbf
                                                                                  0x6d834bc2
                                                                                  0x6d834bc6
                                                                                  0x6d834bcd
                                                                                  0x6d834bd9
                                                                                  0x6d8767fe
                                                                                  0x6d876800
                                                                                  0x6d834ccc
                                                                                  0x6d834ccd
                                                                                  0x6d834cb7
                                                                                  0x6d834cc9
                                                                                  0x6d834cc9
                                                                                  0x6d834bdf
                                                                                  0x6d834be5
                                                                                  0x00000000
                                                                                  0x6d834bf5
                                                                                  0x6d834bf5
                                                                                  0x6d834bf9
                                                                                  0x6d834c06
                                                                                  0x6d834c0b
                                                                                  0x6d834c17
                                                                                  0x6d834c1f
                                                                                  0x6d834c25
                                                                                  0x6d834c33
                                                                                  0x6d834c3d
                                                                                  0x6d834c40
                                                                                  0x6d834c43
                                                                                  0x6d834c47
                                                                                  0x6d834c4d
                                                                                  0x6d834c53
                                                                                  0x6d834c54
                                                                                  0x6d834c55
                                                                                  0x6d834c56
                                                                                  0x6d834c5b
                                                                                  0x6d834c5c
                                                                                  0x6d834c63
                                                                                  0x6d834c6b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d876776
                                                                                  0x6d876784
                                                                                  0x6d876784
                                                                                  0x6d87679f
                                                                                  0x6d8767a7
                                                                                  0x6d8767af
                                                                                  0x6d8767ce
                                                                                  0x00000000
                                                                                  0x6d8767b1
                                                                                  0x6d8767b7
                                                                                  0x6d8767b8
                                                                                  0x6d8767c1
                                                                                  0x6d8767d3
                                                                                  0x6d8767d9
                                                                                  0x6d8767dd
                                                                                  0x6d834c94
                                                                                  0x6d834c94
                                                                                  0x6d834c98
                                                                                  0x6d834c9c
                                                                                  0x6d834ca3
                                                                                  0x6d8767f4
                                                                                  0x6d8767f4
                                                                                  0x6d834cb5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d834cb5
                                                                                  0x6d834c79
                                                                                  0x6d834c7e
                                                                                  0x6d834c89
                                                                                  0x6d834c8b
                                                                                  0x6d834c8f
                                                                                  0x6d834c8f
                                                                                  0x00000000
                                                                                  0x6d834c89
                                                                                  0x6d8767c3
                                                                                  0x00000000
                                                                                  0x6d8767c3
                                                                                  0x6d8767af
                                                                                  0x6d834c73
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d834c73

                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F8504,6D8F5338,00000000,6D8F5320), ref: 6D834BF9
                                                                                  • memset.BCCB(?,00000000,00000078,6D8F8504,6D8F5338,00000000,6D8F5320), ref: 6D834C17
                                                                                  • ZwTraceControl.BCCB(0000001E,00000000,00000018,?,00000078,?,6D8F5338,00000000,6D8F5320), ref: 6D834C5E
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F8504,C0000017,?,00000008,?,0000001E,00000000,00000018,?,00000078,?,6D8F5338,00000000,6D8F5320), ref: 6D834C9C
                                                                                  • RtlSetLastWin32Error.BCCB(00000000,6D8F8504,C0000017,?,00000008,?,0000001E,00000000,00000018,?,00000078,?,6D8F5338,00000000,6D8F5320), ref: 6D834CCD
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,0000001E,00000000,00000018,?,00000078,?,6D8F5338,00000000,6D8F5320), ref: 6D876784
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,?,0000001E,00000000,00000018,?,00000078,?,6D8F5338,00000000,6D8F5320), ref: 6D87679A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveHeapLock$AcquireAllocateControlErrorFreeLastReleaseTraceWin32memset
                                                                                  • String ID:
                                                                                  • API String ID: 375855687-0
                                                                                  • Opcode ID: 7c046124f5e5c7f56f6cb9af5d21e54ec2782fa2db95062be2629521e71e18ac
                                                                                  • Instruction ID: 0f810f1fc51c0dfb23da9fa130e773836bd3c74da38bc05527d52fc69f55006b
                                                                                  • Opcode Fuzzy Hash: 7c046124f5e5c7f56f6cb9af5d21e54ec2782fa2db95062be2629521e71e18ac
                                                                                  • Instruction Fuzzy Hash: 9441C771A4422DABCB21CF6CC948BDE77B4EF49740F0209A5E908AB240D775DE85CBD1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D82C182, Relevance: 13.6, APIs: 9, Instructions: 104COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 67%
                                                                                  			E6D82C182(void* __ecx, void* __edx, intOrPtr _a4) {
				intOrPtr _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				char* _t43;
				void* _t48;
				signed char _t62;
				void* _t63;
				void* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E6D827D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E6D8D8D34(_v8, _t80);
					}
					E6D822280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E6D81FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t83 = _t80 + 0xd0;
						E6D8D8833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E6D81FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E6D84B180();
						if(_a4 != 0) {
							E6D822280(_t48, _t81);
						}
					} else {
						E6D82BB2D(_v8 + 0xc, _t80 + 0x98);
						E6D82BB2D(_v8 + 8, _t80 + 0xb0);
						E6D82B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E6D81FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							E6D81FFB0(0, _t80, _t80 + 0x90);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					E6D81FFB0(0, __ecx, __ecx + 0x90);
				}
				return 0;
			}














                                                                                  0x6d82c18d
                                                                                  0x6d82c18f
                                                                                  0x6d82c191
                                                                                  0x6d82c19b
                                                                                  0x6d82c1a0
                                                                                  0x6d82c1d4
                                                                                  0x6d82c1de
                                                                                  0x6d872d6e
                                                                                  0x6d82c1e4
                                                                                  0x6d82c1e4
                                                                                  0x6d82c1e4
                                                                                  0x6d82c1ec
                                                                                  0x6d872d7d
                                                                                  0x6d872d7d
                                                                                  0x6d82c1f3
                                                                                  0x6d82c1ff
                                                                                  0x6d872d88
                                                                                  0x6d872d8d
                                                                                  0x6d872d94
                                                                                  0x6d872d9f
                                                                                  0x6d872da4
                                                                                  0x6d872dab
                                                                                  0x6d872db0
                                                                                  0x6d872db2
                                                                                  0x6d872db3
                                                                                  0x6d872db4
                                                                                  0x6d872dbc
                                                                                  0x6d872dc3
                                                                                  0x6d872dc3
                                                                                  0x6d82c205
                                                                                  0x6d82c211
                                                                                  0x6d82c222
                                                                                  0x6d82c22c
                                                                                  0x6d82c234
                                                                                  0x6d82c23a
                                                                                  0x6d82c23f
                                                                                  0x6d82c245
                                                                                  0x6d82c24b
                                                                                  0x6d82c251
                                                                                  0x6d82c25a
                                                                                  0x6d82c27d
                                                                                  0x6d82c27d
                                                                                  0x6d82c25c
                                                                                  0x6d82c25c
                                                                                  0x00000000
                                                                                  0x6d82c25e
                                                                                  0x6d82c1a4
                                                                                  0x6d82c1aa
                                                                                  0x6d82c1b3
                                                                                  0x6d82c26c
                                                                                  0x6d82c26c
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,?,?,00000000,?,00000000,?,?,?,?,?,6D8CC9F8,000000FE), ref: 6D82C1D7
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,?,?,00000000,?,00000000,?,?,?,?,?,6D8CC9F8,000000FE), ref: 6D82C1F3
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,?,00000000,?,00000000,?,?,?,?,?,6D8CC9F8,000000FE), ref: 6D82C23A
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,00000000,?,00000000,?,?,?,?,?,6D8CC9F8,000000FE), ref: 6D82C26C
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,?,?,00000000,?,00000000,?,?,?,?,?,6D8CC9F8,000000FE), ref: 6D82C27D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$AcquireCurrentServiceSession
                                                                                  • String ID:
                                                                                  • API String ID: 4254861812-0
                                                                                  • Opcode ID: bdeba0c7626f7b2223eabf048399ca84a7f51063fc420e87d18673506539e28e
                                                                                  • Instruction ID: bbd1321ae13dd9599d70febf4a652f71ae20f414a883030558e1e9d38e6b3444
                                                                                  • Opcode Fuzzy Hash: bdeba0c7626f7b2223eabf048399ca84a7f51063fc420e87d18673506539e28e
                                                                                  • Instruction Fuzzy Hash: D9316D7260954BBED705CBB8C888BF9F768FF42308F04895AD51C47201DB39A989C7E1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D83DE9E, Relevance: 13.6, APIs: 9, Instructions: 79memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 84%
                                                                                  			E6D83DE9E(void* __ecx) {
				char _v0;
				char _v12;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				void* _v60;
				void* _v64;
				void* _v65;
				void* _v66;
				void* __ebx;
				void* __edi;
				void* _t81;
				signed int _t82;
				intOrPtr* _t92;
				signed int _t96;
				intOrPtr* _t100;
				signed int _t103;
				signed int _t104;
				intOrPtr _t109;
				intOrPtr* _t110;
				signed int _t116;
				char _t121;
				void* _t128;
				signed int* _t130;
				signed int* _t135;
				signed int _t138;
				signed int _t140;
				void* _t145;
				unsigned int _t147;
				signed int _t151;
				signed int _t152;
				signed int _t153;
				intOrPtr _t154;
				intOrPtr _t155;
				signed int _t156;
				intOrPtr* _t157;
				signed int _t161;
				signed int* _t162;
				char _t163;
				signed int _t164;
				signed int _t169;
				signed int _t171;
				intOrPtr* _t173;
				signed int _t176;
				signed int _t177;
				intOrPtr* _t178;
				void* _t181;
				void* _t183;
				signed int _t186;
				signed int _t188;
				signed int _t191;
				signed int _t193;
				signed int _t194;
				void* _t196;

				_t194 = _t193 & 0xfffffff8;
				_push(__ecx);
				_push(_t173);
				_t181 = __ecx;
				_t81 = E6D822280( *0x6d8f84cc + 4,  *0x6d8f84cc + 4);
				_t128 = _t181 + 0x28;
				_t82 = E6D822280(_t81, _t128);
				asm("lock xadd [esi+0x50], eax");
				if((_t82 | 0xffffffff) != 1) {
					E6D81FFB0(_t128, _t173, _t128);
					L8:
					return E6D81FFB0(_t128, _t173,  *0x6d8f84cc + 4);
				} else {
					if(E6D827D50() != 0) {
						_t92 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
					} else {
						_t92 = 0x7ffe038e;
					}
					_t173 = _t181 + 0x10;
					if( *_t92 != 0) {
						E6D892EA3(_t181,  *_t173,  *((intOrPtr*)(_t173 + 4)));
					}
					_push(_t173);
					E6D84B150();
					_t96 = _t181 + 0x1c;
					_t162 =  *_t96;
					if(_t162[1] != _t96) {
						L10:
						_t145 = 3;
						asm("int 0x29");
						_t191 = _t194;
						_push(_t145);
						_push(_t145);
						_push(_t128);
						_push(_t181);
						_push(_t173);
						_t130 = _t162;
						_t183 = _t145;
						asm("lock xadd [esi+0x2c], eax");
						if((_t96 | 0xffffffff) == 1) {
							_t146 =  *((intOrPtr*)(_t183 + 0x28));
							if( *((intOrPtr*)(_t183 + 0x28)) != 0) {
								E6D80A745(_t130, _t146, _t162, _t173);
							}
							_t100 = _t183 + 4;
							_t163 =  *_t100;
							if( *((intOrPtr*)(_t163 + 4)) != _t100) {
								L20:
								_t147 = 3;
								asm("int 0x29");
								_push(_t191);
								_t196 = (_t194 & 0xfffffff8) - 0x1c;
								_v56 = _v56 & 0x00000000;
								_push(_t130);
								 *((char*)(_t196 + 0xb)) = _t163;
								 *(_t196 + 0x18) = _t147;
								_push(_t183);
								_push(_t173);
								_t135 =  *((intOrPtr*)( *[fs:0x18] + 0x30)) + ((_t147 >> 0x00000005 & 0x0000007f) + 0x97) * 4;
								_t103 = 0;
								_t164 =  *_t135;
								_v48 = _t135;
								 *(_t196 + 0x12) = 0;
								if(_t164 != 0) {
									while((_t164 & 0x00000001) == 0) {
										_t103 = _t164;
										if((_t164 & 0x00000002) != 0) {
											asm("lock cmpxchg [ebx], ecx");
											if(_t103 != _t164) {
												goto L54;
											}
										} else {
											_t186 = _t164 | 0x00000002;
											asm("lock cmpxchg [ebx], ecx");
											if(_t103 != _t164) {
												L54:
												_t164 = _t103;
												if(_t103 != 0) {
													continue;
												} else {
												}
											} else {
												while(1) {
													L25:
													_t138 = _t186 & 0xfffffffc;
													 *(_t196 + 0x24) = _t138;
													_t176 = _t138;
													if( *((intOrPtr*)(_t138 + 0x10)) == 0) {
														goto L56;
													}
													L26:
													_t177 =  *((intOrPtr*)(_t176 + 0x10));
													 *((intOrPtr*)(_t138 + 0x10)) = _t177;
													while(_t177 != 0) {
														_t169 =  *((intOrPtr*)(_t177 + 0xc));
														_v52 = _t169;
														if( *_t177 !=  *((intOrPtr*)(_t196 + 0x20))) {
															L60:
															_t177 = _t169;
															continue;
														} else {
															_t152 =  *(_t177 + 8);
															if(_t177 != _t138) {
																 *(_t169 + 8) = _t152;
																_t153 =  *(_t177 + 8);
																_t109 =  *((intOrPtr*)(_t177 + 0xc));
																if(_t153 != 0) {
																	 *((intOrPtr*)(_t153 + 0xc)) = _t109;
																} else {
																	 *((intOrPtr*)(_t138 + 0x10)) = _t109;
																	 *((intOrPtr*)( *((intOrPtr*)(_t177 + 0xc)) + 0x10)) =  *((intOrPtr*)(_t177 + 0xc));
																}
																goto L34;
															} else {
																if(_t152 != 0) {
																	_t152 = _t152 ^ (_t152 ^ _t186) & 0x00000003;
																}
																_t116 = _t186;
																asm("lock cmpxchg [ebx], edx");
																_t138 =  *(_t196 + 0x24);
																if(_t116 != _t186) {
																	_t186 = _t116;
																	goto L25;
																} else {
																	_t171 =  *(_t177 + 8);
																	_t156 = _t152 & 0xffffff00 | _t152 == 0x00000000;
																	 *(_t196 + 0x12) = _t156;
																	if(_t171 != 0) {
																		 *(_t171 + 0xc) =  *(_t171 + 0xc) & 0x00000000;
																		 *((intOrPtr*)(_t171 + 0x10)) =  *((intOrPtr*)(_t177 + 0x10));
																		 *(_t196 + 0x12) = _t156;
																	}
																	_t169 = _v52;
																	L34:
																	_t154 = 2;
																	_t49 = _t177 + 0x14; // 0x14
																	_t110 = _t49;
																	_t155 =  *_t110;
																	 *_t110 = _t154;
																	if(_t155 == 2) {
																		goto L60;
																	} else {
																		if(_t155 == 0) {
																			 *(_t177 + 8) = _v56;
																			_v56 = _t177;
																		}
																		if( *((char*)(_t196 + 0x13)) != 0) {
																			goto L60;
																		}
																	}
																}
															}
														}
														break;
													}
													_t103 = _v56;
													if(_t103 != 0) {
														do {
															_push( *((intOrPtr*)(_t103 + 4)));
															_t188 =  *(_t103 + 8);
															E6D849BF0();
															_t103 = _t188;
														} while (_t188 != 0);
													}
													if( *(_t196 + 0x12) == 0) {
														_t151 =  *_v48;
														while(1) {
															_t140 = _t151 & 0x00000001;
															asm("sbb edx, edx");
															_t103 = _t151;
															asm("lock cmpxchg [esi], edx");
															if(_t103 == _t151) {
																break;
															}
															_t151 = _t103;
														}
														if(_t140 != 0) {
															_t103 = E6D8BCF30(_t103);
														}
													}
													goto L41;
													do {
														L56:
														_t104 = _t176;
														_t176 =  *(_t176 + 8);
														 *(_t176 + 0xc) = _t104;
													} while ( *((intOrPtr*)(_t176 + 0x10)) == 0);
													goto L26;
												}
											}
										}
										goto L41;
									}
								}
								L41:
								return _t103;
							} else {
								_t157 =  *((intOrPtr*)(_t100 + 4));
								if( *_t157 != _t100) {
									goto L20;
								} else {
									 *_t157 = _t163;
									 *((intOrPtr*)(_t163 + 4)) = _t157;
									_t178 =  *((intOrPtr*)(_t183 + 0x30));
									 *_t130 =  *(_t183 + 0x38);
									 *_v0 =  *((intOrPtr*)(_t183 + 0x3c));
									_t121 = RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t183);
									if(_t178 != 0) {
										 *_t178 = 1;
										_t121 =  &_v12;
										asm("lock or [eax], ecx");
										_push(0);
										L21();
									}
									goto L13;
								}
							}
						} else {
							_t121 = _v0;
							 *_t130 =  *_t130 & 0x00000000;
							 *_t121 =  *_t121 & 0x00000000;
							L13:
							return _t121;
						}
					} else {
						_t161 =  *(_t96 + 4);
						if( *_t161 != _t96) {
							goto L10;
						} else {
							 *_t161 = _t162;
							_t162[1] = _t161;
							E6D81FFB0(_t128, _t173, _t128);
							if( *(_t181 + 0x58) != 0) {
								RtlFreeHeap( *( *[fs:0x30] + 0x18), 0,  *(_t181 + 0x58));
							}
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t181);
							goto L8;
						}
					}
				}
			}

























































                                                                                  0x6d83dea3
                                                                                  0x6d83dea6
                                                                                  0x6d83deae
                                                                                  0x6d83deb2
                                                                                  0x6d83deb5
                                                                                  0x6d83deba
                                                                                  0x6d83debe
                                                                                  0x6d83dec6
                                                                                  0x6d83decc
                                                                                  0x6d83df40
                                                                                  0x6d83df2a
                                                                                  0x6d83df3e
                                                                                  0x6d83dece
                                                                                  0x6d83ded5
                                                                                  0x6d87b445
                                                                                  0x6d83dedb
                                                                                  0x6d83dedb
                                                                                  0x6d83dedb
                                                                                  0x6d83dee2
                                                                                  0x6d83dee7
                                                                                  0x6d87b456
                                                                                  0x6d87b456
                                                                                  0x6d83deed
                                                                                  0x6d83deee
                                                                                  0x6d83def3
                                                                                  0x6d83def6
                                                                                  0x6d83defb
                                                                                  0x6d83df47
                                                                                  0x6d83df49
                                                                                  0x6d83df4a
                                                                                  0x6d83df4f
                                                                                  0x6d83df51
                                                                                  0x6d83df52
                                                                                  0x6d83df53
                                                                                  0x6d83df54
                                                                                  0x6d83df55
                                                                                  0x6d83df56
                                                                                  0x6d83df58
                                                                                  0x6d83df5d
                                                                                  0x6d83df63
                                                                                  0x6d83df77
                                                                                  0x6d83df7c
                                                                                  0x6d83dfd3
                                                                                  0x6d83dfd3
                                                                                  0x6d83df7e
                                                                                  0x6d83df81
                                                                                  0x6d83df86
                                                                                  0x6d83dfda
                                                                                  0x6d83dfdc
                                                                                  0x6d83dfdd
                                                                                  0x6d83dfe1
                                                                                  0x6d83dfe7
                                                                                  0x6d83dff0
                                                                                  0x6d83dff5
                                                                                  0x6d83dff8
                                                                                  0x6d83e005
                                                                                  0x6d83e00f
                                                                                  0x6d83e010
                                                                                  0x6d83e011
                                                                                  0x6d83e014
                                                                                  0x6d83e016
                                                                                  0x6d83e018
                                                                                  0x6d83e01c
                                                                                  0x6d83e022
                                                                                  0x6d83e028
                                                                                  0x6d83e031
                                                                                  0x6d83e036
                                                                                  0x6d87b47d
                                                                                  0x6d87b483
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d83e03c
                                                                                  0x6d83e03e
                                                                                  0x6d83e043
                                                                                  0x6d83e049
                                                                                  0x6d87b489
                                                                                  0x6d87b489
                                                                                  0x6d87b48d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d87b493
                                                                                  0x00000000
                                                                                  0x6d83e04f
                                                                                  0x6d83e04f
                                                                                  0x6d83e051
                                                                                  0x6d83e054
                                                                                  0x6d83e058
                                                                                  0x6d83e05e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d83e064
                                                                                  0x6d83e064
                                                                                  0x6d83e067
                                                                                  0x6d83e06a
                                                                                  0x6d83e076
                                                                                  0x6d83e079
                                                                                  0x6d83e07f
                                                                                  0x6d87b4cc
                                                                                  0x6d87b4cc
                                                                                  0x00000000
                                                                                  0x6d83e085
                                                                                  0x6d83e085
                                                                                  0x6d83e08a
                                                                                  0x6d83e11c
                                                                                  0x6d83e11f
                                                                                  0x6d83e122
                                                                                  0x6d83e127
                                                                                  0x6d83e164
                                                                                  0x6d83e129
                                                                                  0x6d83e129
                                                                                  0x6d83e12f
                                                                                  0x6d83e12f
                                                                                  0x00000000
                                                                                  0x6d83e090
                                                                                  0x6d83e092
                                                                                  0x6d87b4b2
                                                                                  0x6d87b4b2
                                                                                  0x6d83e09e
                                                                                  0x6d83e0a0
                                                                                  0x6d83e0a4
                                                                                  0x6d83e0aa
                                                                                  0x6d87b4d3
                                                                                  0x00000000
                                                                                  0x6d83e0b0
                                                                                  0x6d83e0b0
                                                                                  0x6d83e0b5
                                                                                  0x6d83e0b8
                                                                                  0x6d83e0be
                                                                                  0x6d87b4b9
                                                                                  0x6d87b4c0
                                                                                  0x6d87b4c3
                                                                                  0x6d87b4c3
                                                                                  0x6d83e0c4
                                                                                  0x6d83e0c8
                                                                                  0x6d83e0ca
                                                                                  0x6d83e0cb
                                                                                  0x6d83e0cb
                                                                                  0x6d83e0ce
                                                                                  0x6d83e0ce
                                                                                  0x6d83e0d3
                                                                                  0x00000000
                                                                                  0x6d83e0d9
                                                                                  0x6d83e0db
                                                                                  0x6d83e0e1
                                                                                  0x6d83e0e4
                                                                                  0x6d83e0e4
                                                                                  0x6d83e0ed
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d83e0ed
                                                                                  0x6d83e0d3
                                                                                  0x6d83e0aa
                                                                                  0x6d83e08a
                                                                                  0x00000000
                                                                                  0x6d83e07f
                                                                                  0x6d83e0f3
                                                                                  0x6d83e0f9
                                                                                  0x6d83e0fb
                                                                                  0x6d83e0fb
                                                                                  0x6d83e0fe
                                                                                  0x6d83e101
                                                                                  0x6d83e106
                                                                                  0x6d83e108
                                                                                  0x6d83e0fb
                                                                                  0x6d83e111
                                                                                  0x6d83e138
                                                                                  0x6d83e13a
                                                                                  0x6d83e13e
                                                                                  0x6d83e148
                                                                                  0x6d83e14e
                                                                                  0x6d83e150
                                                                                  0x6d83e156
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d83e16c
                                                                                  0x6d83e16c
                                                                                  0x6d83e15a
                                                                                  0x6d83e15d
                                                                                  0x6d83e15d
                                                                                  0x6d83e15a
                                                                                  0x00000000
                                                                                  0x6d87b498
                                                                                  0x6d87b498
                                                                                  0x6d87b498
                                                                                  0x6d87b49a
                                                                                  0x6d87b49d
                                                                                  0x6d87b4a0
                                                                                  0x00000000
                                                                                  0x6d87b4a6
                                                                                  0x6d83e04f
                                                                                  0x6d83e049
                                                                                  0x00000000
                                                                                  0x6d83e036
                                                                                  0x6d83e028
                                                                                  0x6d83e113
                                                                                  0x6d83e119
                                                                                  0x6d83df88
                                                                                  0x6d83df88
                                                                                  0x6d83df8d
                                                                                  0x00000000
                                                                                  0x6d83df8f
                                                                                  0x6d83df8f
                                                                                  0x6d83df91
                                                                                  0x6d83df97
                                                                                  0x6d83df9a
                                                                                  0x6d83dfa5
                                                                                  0x6d83dfb0
                                                                                  0x6d83dfb7
                                                                                  0x6d83dfb9
                                                                                  0x6d83dfbf
                                                                                  0x6d83dfc4
                                                                                  0x6d83dfc7
                                                                                  0x6d83dfcc
                                                                                  0x6d83dfcc
                                                                                  0x00000000
                                                                                  0x6d83dfb7
                                                                                  0x6d83df8d
                                                                                  0x6d83df65
                                                                                  0x6d83df65
                                                                                  0x6d83df68
                                                                                  0x6d83df6b
                                                                                  0x6d83df6e
                                                                                  0x6d83df74
                                                                                  0x6d83df74
                                                                                  0x6d83defd
                                                                                  0x6d83defd
                                                                                  0x6d83df02
                                                                                  0x00000000
                                                                                  0x6d83df04
                                                                                  0x6d83df04
                                                                                  0x6d83df07
                                                                                  0x6d83df0a
                                                                                  0x6d83df13
                                                                                  0x6d87b46e
                                                                                  0x6d87b46e
                                                                                  0x6d83df25
                                                                                  0x00000000
                                                                                  0x6d83df25
                                                                                  0x6d83df02
                                                                                  0x6d83defb

                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,00000000,?,00000000,?,?,6D803A82,?,?,?,?,?,00000001,00000000,?,?), ref: 6D83DEB5
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,00000000,?,00000000,?,?,6D803A82,?,?,?,?,?,00000001,00000000,?), ref: 6D83DEBE
                                                                                    • Part of subcall function 6D822280: RtlDllShutdownInProgress.BCCB(00000000), ref: 6D8222BA
                                                                                    • Part of subcall function 6D822280: ZwWaitForAlertByThreadId.BCCB(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6D8223A3
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,?,00000000,?,00000000,?,?,6D803A82,?,?,?,?,?,00000001,00000000,?), ref: 6D83DECE
                                                                                  • ZwUnsubscribeWnfStateChange.BCCB(?,?,?,00000000,?,00000000,?,?,6D803A82,?,?,?,?,?,00000001,00000000), ref: 6D83DEEE
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,00000000,?,00000000,?,?,6D803A82,?,?,?,?,?,00000001), ref: 6D83DF0A
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,?,?,?,?,00000000,?,00000000,?,?,6D803A82,?), ref: 6D83DF25
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,00000000,?,00000000,?,?,6D803A82,?,?,?,?,?,00000001), ref: 6D83DF33
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,00000000,?,00000000,?,?,6D803A82,?,?,?,?,?,00000001,00000000), ref: 6D83DF40
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,?,?,?,00000000,?,00000000,?,?,6D803A82,?), ref: 6D87B46E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$AcquireFreeHeap$AlertChangeCurrentProgressServiceSessionShutdownStateThreadUnsubscribeWait
                                                                                  • String ID:
                                                                                  • API String ID: 3923771875-0
                                                                                  • Opcode ID: 49ae150c8fab6e13de1a2038fd37d44e20556d2eb3fe1357a4d7c4803f18dfed
                                                                                  • Instruction ID: 51f8b3a2bdf7cffe7629b96d1ffe2001862a4440e7d582ec4e0c96000241a02e
                                                                                  • Opcode Fuzzy Hash: 49ae150c8fab6e13de1a2038fd37d44e20556d2eb3fe1357a4d7c4803f18dfed
                                                                                  • Instruction Fuzzy Hash: E521F2722086469FC7218B6DCC8CF16B7B9FF46358F024E65F1099B6A1DB74E845CAE0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8B23E3, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 166COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 64%
                                                                                  			E6D8B23E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x6d8f874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x6d8f874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E6D85D4F0(_t83, 0x6d7e6c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E6D80B150();
					} else {
						E6D80B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E6D80B150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x6d8f6378 = 1;
						asm("int3");
						 *0x6d8f6378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}




























                                                                                  0x6d8b23e3
                                                                                  0x6d8b23e8
                                                                                  0x6d8b23eb
                                                                                  0x6d8b23ee
                                                                                  0x6d8b23f3
                                                                                  0x6d8b259b
                                                                                  0x6d8b259b
                                                                                  0x6d8b259d
                                                                                  0x6d8b25a3
                                                                                  0x6d8b25a3
                                                                                  0x6d8b23fb
                                                                                  0x6d8b2424
                                                                                  0x6d8b244f
                                                                                  0x6d8b2460
                                                                                  0x6d8b2451
                                                                                  0x6d8b2451
                                                                                  0x6d8b2456
                                                                                  0x6d8b2458
                                                                                  0x6d8b2458
                                                                                  0x6d8b245b
                                                                                  0x6d8b245b
                                                                                  0x6d8b2426
                                                                                  0x6d8b2431
                                                                                  0x6d8b2436
                                                                                  0x6d8b2443
                                                                                  0x6d8b2438
                                                                                  0x6d8b2438
                                                                                  0x6d8b2438
                                                                                  0x6d8b2445
                                                                                  0x6d8b2445
                                                                                  0x6d8b2463
                                                                                  0x6d8b2469
                                                                                  0x6d8b246f
                                                                                  0x6d8b2480
                                                                                  0x6d8b2495
                                                                                  0x6d8b24a1
                                                                                  0x6d8b24ce
                                                                                  0x6d8b24df
                                                                                  0x6d8b24d0
                                                                                  0x6d8b24d0
                                                                                  0x6d8b24d5
                                                                                  0x6d8b24d7
                                                                                  0x6d8b24d7
                                                                                  0x6d8b24da
                                                                                  0x6d8b24da
                                                                                  0x6d8b24a3
                                                                                  0x6d8b24b0
                                                                                  0x6d8b24b5
                                                                                  0x6d8b24c2
                                                                                  0x6d8b24b7
                                                                                  0x6d8b24b7
                                                                                  0x6d8b24b7
                                                                                  0x6d8b24c4
                                                                                  0x6d8b24c4
                                                                                  0x6d8b24e8
                                                                                  0x6d8b2497
                                                                                  0x6d8b249a
                                                                                  0x6d8b249a
                                                                                  0x6d8b2482
                                                                                  0x6d8b2488
                                                                                  0x6d8b2488
                                                                                  0x6d8b2471
                                                                                  0x6d8b2479
                                                                                  0x6d8b2479
                                                                                  0x6d8b24ef
                                                                                  0x6d8b23fd
                                                                                  0x6d8b2401
                                                                                  0x6d8b2412
                                                                                  0x6d8b2403
                                                                                  0x6d8b2403
                                                                                  0x6d8b2408
                                                                                  0x6d8b240a
                                                                                  0x6d8b240a
                                                                                  0x6d8b240d
                                                                                  0x6d8b240d
                                                                                  0x6d8b241b
                                                                                  0x6d8b241b
                                                                                  0x6d8b24f1
                                                                                  0x6d8b24f6
                                                                                  0x6d8b2507
                                                                                  0x6d8b2510
                                                                                  0x00000000
                                                                                  0x6d8b2510
                                                                                  0x6d8b250b
                                                                                  0x00000000
                                                                                  0x6d8b24f8
                                                                                  0x6d8b24f8
                                                                                  0x6d8b24fc
                                                                                  0x6d8b2500
                                                                                  0x6d8b2512
                                                                                  0x6d8b2515
                                                                                  0x6d8b251a
                                                                                  0x6d8b2521
                                                                                  0x6d8b2524
                                                                                  0x6d8b2529
                                                                                  0x6d8b252f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8b253c
                                                                                  0x6d8b255c
                                                                                  0x6d8b2561
                                                                                  0x6d8b253e
                                                                                  0x6d8b2554
                                                                                  0x6d8b2559
                                                                                  0x6d8b256a
                                                                                  0x6d8b256d
                                                                                  0x6d8b2574
                                                                                  0x6d8b2586
                                                                                  0x6d8b2588
                                                                                  0x6d8b258f
                                                                                  0x6d8b2590
                                                                                  0x6d8b2590
                                                                                  0x6d8b2597
                                                                                  0x00000000
                                                                                  0x6d8b2597

                                                                                  APIs
                                                                                  • RtlCompareMemory.BCCB(-00000010,6D7E6C58,00000008,?,-00000018,?,?,?,6D8C4BD7), ref: 6D8B2524
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,-00000010,6D7E6C58,00000008,?,-00000018,?,?,?,6D8C4BD7), ref: 6D8B2554
                                                                                  • DbgPrint.BCCB(HEAP: ,-00000010,6D7E6C58,00000008,?,-00000018,?,?,?,6D8C4BD7), ref: 6D8B2561
                                                                                  • DbgPrint.BCCB(Heap block at %p modified at %p past requested size of %Ix,-00000018,?,?,-00000010,6D7E6C58,00000008,?,-00000018,?,?,?,6D8C4BD7), ref: 6D8B2574
                                                                                  Strings
                                                                                  • HEAP[%wZ]: , xrefs: 6D8B254F
                                                                                  • Heap block at %p modified at %p past requested size of %Ix, xrefs: 6D8B256F
                                                                                  • HEAP: , xrefs: 6D8B255C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$CompareMemory
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                  • API String ID: 216965414-3815128232
                                                                                  • Opcode ID: 1c1ef8fe47313f78913cec5edaef47d0c8f45cc6c83208b7dd223bcd9be97420
                                                                                  • Instruction ID: cf8df53f3da6e4b58a53fd77da3bdc45f8e458880af0b3dfde7cea30b9553e0e
                                                                                  • Opcode Fuzzy Hash: 1c1ef8fe47313f78913cec5edaef47d0c8f45cc6c83208b7dd223bcd9be97420
                                                                                  • Instruction Fuzzy Hash: E75124341141658AE371CE2EC84CB7277E1EB4A389F518C9AF8E18BB85D33DD846DB61
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D891570, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 137nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 58%
                                                                                  			E6D891570(intOrPtr __ecx, signed int __edx, void* __edi, void* __eflags) {
				signed int _v8;
				char _v36;
				void _v52;
				char _v56;
				char _v60;
				short _v64;
				char _v68;
				char _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				char _v100;
				int _v104;
				int _v108;
				int _v112;
				int _v116;
				int _v120;
				char _v124;
				void* _v132;
				void* __ebx;
				void* __esi;
				void* __ebp;
				intOrPtr _t48;
				intOrPtr _t53;
				intOrPtr _t59;
				signed int _t61;
				signed int _t62;
				signed int* _t63;
				signed int* _t70;
				int _t73;
				signed int _t84;

				_t82 = __edi;
				_t81 = __edx;
				_v8 =  *0x6d8fd360 ^ _t84;
				_t73 = 0;
				_v76 = __edx;
				_v80 = __ecx;
				_v60 = 0;
				_v56 = 0;
				_v68 = 0;
				_v64 = 0x500;
				_t48 = E6D8916FA();
				_t83 = _t48;
				if(_t48 < 0) {
					L19:
					if(_v60 != 0) {
						_push(_v60);
						E6D8495D0();
					}
					return E6D84B640(_t83, _t73, _v8 ^ _t84, _t81, _t82, _t83);
				}
				_push(0);
				_push(8);
				_push( &_v100);
				_push(0x73);
				_t53 = E6D849860();
				_t83 = _t53;
				if(_t53 < 0) {
					goto L19;
				}
				_t83 = E6D89176C(_v100);
				if(_t83 < 0) {
					goto L19;
				}
				_t92 = _t83 - 0x102;
				if(_t83 == 0x102) {
					goto L19;
				}
				RtlInitUnicodeString( &_v132, L"\\WindowsErrorReportingServicePort");
				memset( &_v52, 0, 0x2c);
				_v36 = 0x568;
				_push( &_v56);
				_t59 = E6D891879(0,  &_v68, __edi, _t83, _t92);
				_t83 = _t59;
				if(_t59 >= 0) {
					_t61 = _v96;
					_v124 = 0x18;
					_v120 = 0;
					_v112 = 0;
					_v116 = 0;
					_v108 = 0;
					_v104 = 0;
					if(_t61 != 0xffffffff) {
						_t81 = _t61 * 0xffffd8f0 >> 0x20;
						_t62 = _t61 * 0xffffd8f0;
						__eflags = _t62;
						_v92 = _t62;
						_t63 =  &_v92;
						_v88 = _t61 * 0xffffd8f0 >> 0x20;
					} else {
						_t73 = 1;
						_t63 = 0;
					}
					_push(_t63);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(_v56);
					_push(0x20000);
					_push( &_v52);
					_push( &_v124);
					_push( &_v132);
					_push( &_v60);
					_t83 = E6D849C70();
					if(_t83 >= 0 && _t83 != 0x102) {
						_v72 = 0x568;
						if(_t73 == 0) {
							_t70 =  &_v92;
						} else {
							_t70 = 0;
						}
						_t73 = _v76;
						_push(_t70);
						_push(0);
						_push( &_v72);
						_push(_t73);
						_push(0);
						_push(_v80);
						_push(0x20000);
						_push(_v60);
						_t83 = E6D849DA0();
						if(_t83 >= 0 && _t83 != 0x102) {
							_t83 =  *((intOrPtr*)(_t73 + 0x1c));
							if( *((intOrPtr*)(_t73 + 0x1c)) >= 0) {
								_t83 = 0;
							}
						}
					}
				}
				if(_v56 != 0) {
					E6D891AD6(_v56);
				}
				goto L19;
			}




































                                                                                  0x6d891570
                                                                                  0x6d891570
                                                                                  0x6d891582
                                                                                  0x6d891586
                                                                                  0x6d891588
                                                                                  0x6d89158c
                                                                                  0x6d89158f
                                                                                  0x6d891592
                                                                                  0x6d891595
                                                                                  0x6d891598
                                                                                  0x6d89159e
                                                                                  0x6d8915a3
                                                                                  0x6d8915a7
                                                                                  0x6d8916da
                                                                                  0x6d8916de
                                                                                  0x6d8916e0
                                                                                  0x6d8916e3
                                                                                  0x6d8916e3
                                                                                  0x6d8916f9
                                                                                  0x6d8916f9
                                                                                  0x6d8915ad
                                                                                  0x6d8915ae
                                                                                  0x6d8915b3
                                                                                  0x6d8915b4
                                                                                  0x6d8915b6
                                                                                  0x6d8915bb
                                                                                  0x6d8915bf
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8915cd
                                                                                  0x6d8915d1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8915d7
                                                                                  0x6d8915dd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8915ec
                                                                                  0x6d8915f8
                                                                                  0x6d891600
                                                                                  0x6d89160d
                                                                                  0x6d891611
                                                                                  0x6d891616
                                                                                  0x6d89161a
                                                                                  0x6d891620
                                                                                  0x6d891623
                                                                                  0x6d89162a
                                                                                  0x6d89162d
                                                                                  0x6d891630
                                                                                  0x6d891633
                                                                                  0x6d891636
                                                                                  0x6d89163c
                                                                                  0x6d891649
                                                                                  0x6d891649
                                                                                  0x6d891649
                                                                                  0x6d89164b
                                                                                  0x6d89164e
                                                                                  0x6d891651
                                                                                  0x6d89163e
                                                                                  0x6d89163e
                                                                                  0x6d891640
                                                                                  0x6d891640
                                                                                  0x6d891654
                                                                                  0x6d891657
                                                                                  0x6d891658
                                                                                  0x6d891659
                                                                                  0x6d89165a
                                                                                  0x6d89165b
                                                                                  0x6d891661
                                                                                  0x6d891666
                                                                                  0x6d89166a
                                                                                  0x6d89166e
                                                                                  0x6d891672
                                                                                  0x6d891678
                                                                                  0x6d89167c
                                                                                  0x6d891686
                                                                                  0x6d89168f
                                                                                  0x6d891695
                                                                                  0x6d891691
                                                                                  0x6d891691
                                                                                  0x6d891691
                                                                                  0x6d891698
                                                                                  0x6d89169b
                                                                                  0x6d89169c
                                                                                  0x6d8916a1
                                                                                  0x6d8916a2
                                                                                  0x6d8916a3
                                                                                  0x6d8916a5
                                                                                  0x6d8916a8
                                                                                  0x6d8916ad
                                                                                  0x6d8916b5
                                                                                  0x6d8916b9
                                                                                  0x6d8916c3
                                                                                  0x6d8916c8
                                                                                  0x6d8916ca
                                                                                  0x6d8916ca
                                                                                  0x6d8916c8
                                                                                  0x6d8916b9
                                                                                  0x6d89167c
                                                                                  0x6d8916d0
                                                                                  0x6d8916d5
                                                                                  0x6d8916d5
                                                                                  0x00000000

                                                                                  APIs
                                                                                    • Part of subcall function 6D8916FA: ZwQueryWnfStateNameInformation.BCCB(6D7EFB74,00000001,00000000,00000568,00000004,?,?,00000000,?,?,?,?,6D8915A3,?,00000568), ref: 6D891718
                                                                                    • Part of subcall function 6D8916FA: ZwUpdateWnfStateData.BCCB(6D7EFB74,00000000,00000000,00000000,00000000,00000000,00000000,6D7EFB74,00000001,00000000,00000568,00000004,?,?,00000000), ref: 6D89172D
                                                                                    • Part of subcall function 6D8916FA: EtwEventWriteNoRegistration.BCCB(6D7EFB7C,?,00000000,00000000,6D7EFB74,00000001,00000000,00000568,00000004,?,?,00000000,?,?,?,?), ref: 6D89174B
                                                                                  • ZwQuerySystemInformation.BCCB(00000073,?,00000008,00000000,?,00000568), ref: 6D8915B6
                                                                                    • Part of subcall function 6D849860: LdrInitializeThunk.NTDLL(6D8915BB,00000073,?,00000008,00000000,?,00000568), ref: 6D84986A
                                                                                    • Part of subcall function 6D89176C: ZwOpenEvent.BCCB(00000568,00100001,?,?,00000000), ref: 6D8917B5
                                                                                    • Part of subcall function 6D89176C: ZwWaitForSingleObject.BCCB(00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6D8917E1
                                                                                    • Part of subcall function 6D89176C: ZwClose.BCCB(00000568,00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6D8917EB
                                                                                  • RtlInitUnicodeString.BCCB(?,\WindowsErrorReportingServicePort,00000073,?,00000008,00000000,?,00000568), ref: 6D8915EC
                                                                                  • memset.BCCB(?,00000000,0000002C,?,\WindowsErrorReportingServicePort,00000073,?,00000008,00000000,?,00000568), ref: 6D8915F8
                                                                                  • ZwAlpcConnectPort.BCCB(?,?,00000018,?,00020000,?,00000000,00000000,00000000,00000000,?), ref: 6D891673
                                                                                  • ZwAlpcSendWaitReceivePort.BCCB(?,00020000,?,00000000,?,00000568,00000000,?,?,?,00000018,?,00020000,?,00000000,00000000), ref: 6D8916B0
                                                                                  • ZwClose.BCCB(00000000,?,00000568), ref: 6D8916E3
                                                                                  Strings
                                                                                  • \WindowsErrorReportingServicePort, xrefs: 6D8915E3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AlpcCloseEventInformationPortQueryStateWait$ConnectDataInitInitializeNameObjectOpenReceiveRegistrationSendSingleStringSystemThunkUnicodeUpdateWritememset
                                                                                  • String ID: \WindowsErrorReportingServicePort
                                                                                  • API String ID: 360723211-589754893
                                                                                  • Opcode ID: 8a4b4ed7bee6e01aba95f69b381ab276a655f763775a90c3556f02be4d189a09
                                                                                  • Instruction ID: 9e65b3320c2b0693363c7da3818401893bbe1299acb8595ccfed346778abe1c9
                                                                                  • Opcode Fuzzy Hash: 8a4b4ed7bee6e01aba95f69b381ab276a655f763775a90c3556f02be4d189a09
                                                                                  • Instruction Fuzzy Hash: 51417FB1D0961DABDB12DFE9DC88AEEBBBCBF04714F154529E954AB240D7309D04CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D81DD80, Relevance: 12.3, APIs: 8, Instructions: 337nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 84%
                                                                                  			E6D81DD80(void* __ecx, signed int __edx) {
				intOrPtr _v8;
				signed char _v13;
				void* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				long _v40;
				signed char _v44;
				signed int _v48;
				signed int _v52;
				void* __ebp;
				signed int _t111;
				signed char _t117;
				void* _t119;
				void* _t121;
				signed int _t123;
				signed int _t132;
				intOrPtr _t141;
				signed char _t142;
				signed int _t145;
				signed int _t149;
				signed int _t150;
				signed char _t151;
				signed int* _t157;
				signed int _t162;
				signed int _t165;
				signed char _t168;
				signed int _t169;
				void* _t172;
				signed char _t176;
				char _t178;
				signed int _t186;
				signed int _t187;
				signed int _t188;
				signed int _t195;
				signed int _t199;
				void* _t201;
				signed int* _t203;
				signed int _t207;
				signed int* _t208;
				void* _t213;

				_t186 = __edx;
				_v8 =  *((intOrPtr*)(_t213 + 4));
				_t203 = __edx;
				_v24 = 0;
				_t195 = __ecx;
				_v32 = __edx;
				_v20 = __ecx;
				 *((intOrPtr*)(__edx + 4)) = 0;
				 *((intOrPtr*)(__edx + 8)) = 0;
				if( *0x6d8f8474 != 3) {
					L16:
					_push(0);
					_push(0xc);
					_push( &_v52);
					_push(6);
					_push(_t195);
					_push(0xffffffff);
					if(E6D849730() < 0) {
						L66:
						_t165 = 0;
						_v20 = 0;
						L21:
						_t203[1] = _t165;
						if(_t165 == 0) {
							_t187 = _v24;
							L43:
							_t111 = _t187;
							L15:
							return _t111;
						}
						_v28 = 0;
						E6D81E9C0(1, _t165, 0, 0,  &_v28);
						if(( *(_v28 + 0x5e) & 0x00000400) != 0) {
							L56:
							_t188 = _t186 | 0xffffffff;
							_t111 = _t188;
							_t203[3] = _t195 | _t188;
							 *_t203 = _t188;
							goto L15;
						}
						E6D81E9C0(1, _v20, 0, 0,  &_v40);
						_t117 = _v20;
						_t195 = 0;
						_v13 = 1;
						_t168 = _t117;
						_v24 = _t168;
						_v32 = 0;
						_v36 = 0;
						if((_t117 & 0x00000003) != 0) {
							_v24 = _t168;
							_v13 =  !_t117 & 0x00000001;
						}
						_t119 = E6D81E9C0(1, _t168, 0, 0,  &_v32);
						_t169 = _v32;
						if(_t169 == 0) {
							L72:
							if(_t119 < 0) {
								goto L74;
							}
							_t186 = _v32;
						} else {
							_t132 =  *(_t169 + 0x18) & 0x0000ffff;
							_t186 = 0x10b;
							if(_t132 != 0x10b) {
								_t186 = 0x20b;
								if(_t132 != 0x20b) {
									L74:
									_t121 = RtlImageDirectoryEntryToData(_v20, 1, 0xe,  &_v40);
									if(_t121 == 0 || ( *(_t121 + 0x10) & 0x00000001) == 0) {
										_t187 = 0;
										L42:
										_t203[3] = 0;
										 *_t203 = _t187;
										goto L43;
									} else {
										goto L56;
									}
								}
								_t186 = _v13;
								_t119 = E6D802F47(_v24, _t186, 0xa,  &_v32, _t169,  &_v36);
								_t195 = _v36;
								goto L72;
							}
							if( *((intOrPtr*)(_t169 + 0x74)) <= 0xa) {
								goto L74;
							}
							_t195 =  *(_t169 + 0xc8);
							if(_t195 == 0) {
								goto L74;
							}
							_t186 =  *(_t169 + 0xcc);
							_v36 = _t186;
							if(_v13 == 0) {
								if(_t195 <  *((intOrPtr*)(_t169 + 0x54))) {
									goto L30;
								}
								_t195 = E6D843C00(_t169, _v24, _t195);
								if(_t195 == 0) {
									goto L74;
								}
								_t186 = _v36;
								L31:
								if(_t195 == 0 || _t186 == 0 || _t186 != 0x40 && _t186 !=  *_t195) {
									goto L74;
								} else {
									_t123 =  *(_v40 + 4) & 0x0000ffff;
									if(_t123 == 0x3a64 || _t123 == 0x14c) {
										if( *_t195 < 0x48) {
											goto L74;
										}
										_t186 =  *(_t195 + 0x40);
										if(_t186 == 0) {
											goto L74;
										}
										_t195 =  *(_t195 + 0x44);
										if(_t195 == 0) {
											goto L74;
										}
										_t172 = _v20;
										if(_t186 <  *((intOrPtr*)(_v28 + 0x54)) + _t172 || _t195 >  *((intOrPtr*)(_v28 + 0x50)) - _t186 + _t172 >> 2) {
											goto L56;
										} else {
											goto L42;
										}
									} else {
										goto L74;
									}
								}
							}
							L30:
							_t195 = _t195 + _v24;
						}
						goto L31;
					}
					_t165 = _v52;
					_v20 = _t165;
					if(_t165 == 0 || (_v44 & 0x00000003) != 0 || _t195 < _t165) {
						goto L66;
					} else {
						_t203[2] = _v48;
						goto L21;
					}
				}
				E6D82FAD0(0x6d8f8654);
				_t141 =  *0x6d8fb350; // 0x1
				if(_t141 == 1) {
					L13:
					_t142 = 0x11;
					asm("lock cmpxchg [esi], ecx");
					_t176 = 0x11;
					if(0x11 != 0x11) {
						if(1 == 0) {
							L6D85DF30(0x11, _t186, 0xc0000264);
							L62:
							_t145 = _t176 & 0xfffffff0;
							_t186 =  *(_t145 + 4);
							if(_t186 != 0) {
								L64:
								asm("lock xadd [edx+0x10], eax");
								if((_t145 | 0xffffffff) - 1 > 0) {
									goto L14;
								}
								_v28 = 0xfffffff7;
								L50:
								_t199 = _v28;
								while(1) {
									_t149 = _t176 & 0x00000006;
									_v36 = _t149;
									if(_t149 != 2) {
										_t150 = _t199;
									} else {
										_t150 = _t199 + 4;
									}
									_t186 = _t176 + _t150;
									_t151 = _t176;
									asm("lock cmpxchg [edi], esi");
									_t199 = _v28;
									if(_t151 == _t176) {
										break;
									}
									_t176 = _t151;
								}
								_t195 = _v20;
								if(_v36 == 2) {
									_t186 = 0;
									E6D8400C2(0x6d8f8654, 0, 0);
								}
								goto L14;
							} else {
								goto L63;
							}
							do {
								L63:
								_t145 =  *_t145;
								_t186 =  *(_t145 + 4);
							} while (_t186 == 0);
							goto L64;
						}
						if(0 != 0) {
							L48:
							if((_t176 & 0x00000008) != 0) {
								goto L62;
							}
							_v28 = _t142 | 0xffffffff;
							goto L50;
						} else {
							goto L46;
						}
						while(1) {
							L46:
							_t75 = _t176 - 0x10; // 0x1
							asm("sbb edx, edx");
							_t186 =  ~((_t176 & 0xfffffff0) - 0x10) & _t75;
							_t142 = _t176;
							asm("lock cmpxchg [esi], edx");
							if(_t142 == _t176) {
								goto L14;
							}
							_t176 = _t142;
							if((_t142 & 0x00000002) == 0) {
								continue;
							}
							goto L48;
						}
					}
					L14:
					_t111 = _v24;
					if(_t111 == 0) {
						if( *0x6d8fb35c == 0) {
							goto L15;
						}
						_t203 = _v32;
						goto L16;
					}
					goto L15;
				}
				_t178 = 1;
				_t8 = _t141 - 1; // 0x0
				_t201 = _t8;
				if(_t201 < 1) {
					L12:
					_t195 = _v20;
					goto L13;
				}
				do {
					_t186 = _t178 + _t201 >> 1;
					_t157 = (_t186 << 4) + 0x6d8fb360;
					_t207 = _t157[1];
					if(_v20 < _t207) {
						if(_t186 == 0) {
							goto L12;
						}
						_t201 = _t186 - 1;
						goto L7;
					}
					if(_v20 < _t157[2] + _t207) {
						_t208 = _v32;
						 *_t208 =  *_t157;
						_t208[1] = _t157[1];
						_t208[2] = _t157[2];
						_t208[3] = _t157[3];
						_t186 =  *0x7ffe0330;
						asm("ror eax, cl");
						_t162 =  *_t208 ^ _t186;
						_v24 = _t162;
						 *_t208 = _t162;
						goto L12;
					}
					_t178 = _t186 + 1;
					L7:
				} while (_t201 >= _t178);
				goto L12;
			}













































                                                                                  0x6d81dd80
                                                                                  0x6d81dd92
                                                                                  0x6d81dda3
                                                                                  0x6d81dda5
                                                                                  0x6d81ddad
                                                                                  0x6d81ddaf
                                                                                  0x6d81ddb2
                                                                                  0x6d81ddb5
                                                                                  0x6d81ddbc
                                                                                  0x6d81ddc3
                                                                                  0x6d81de8b
                                                                                  0x6d81de8b
                                                                                  0x6d81de8d
                                                                                  0x6d81de92
                                                                                  0x6d81de93
                                                                                  0x6d81de95
                                                                                  0x6d81de96
                                                                                  0x6d81de9f
                                                                                  0x6d86b5c2
                                                                                  0x6d86b5c2
                                                                                  0x6d86b5c4
                                                                                  0x6d81decb
                                                                                  0x6d81decb
                                                                                  0x6d81ded0
                                                                                  0x6d86b645
                                                                                  0x6d81e01e
                                                                                  0x6d81e01e
                                                                                  0x6d81de82
                                                                                  0x6d81de8a
                                                                                  0x6d81de8a
                                                                                  0x6d81ded9
                                                                                  0x6d81dee8
                                                                                  0x6d81def9
                                                                                  0x6d81e0b6
                                                                                  0x6d81e0b6
                                                                                  0x6d81e0bb
                                                                                  0x6d81e0bd
                                                                                  0x6d81e0c0
                                                                                  0x00000000
                                                                                  0x6d81e0c0
                                                                                  0x6d81df0d
                                                                                  0x6d81df12
                                                                                  0x6d81df15
                                                                                  0x6d81df17
                                                                                  0x6d81df1b
                                                                                  0x6d81df1d
                                                                                  0x6d81df20
                                                                                  0x6d81df27
                                                                                  0x6d81df2c
                                                                                  0x6d81df35
                                                                                  0x6d81df38
                                                                                  0x6d81df38
                                                                                  0x6d81df46
                                                                                  0x6d81df4b
                                                                                  0x6d81df50
                                                                                  0x6d86b611
                                                                                  0x6d86b613
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d86b615
                                                                                  0x6d81df56
                                                                                  0x6d81df56
                                                                                  0x6d81df5a
                                                                                  0x6d81df62
                                                                                  0x6d86b5ee
                                                                                  0x6d86b5f6
                                                                                  0x6d86b61d
                                                                                  0x6d86b629
                                                                                  0x6d86b630
                                                                                  0x6d86b63c
                                                                                  0x6d81e019
                                                                                  0x6d81e019
                                                                                  0x6d81e01c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d86b630
                                                                                  0x6d86b5f8
                                                                                  0x6d86b609
                                                                                  0x6d86b60e
                                                                                  0x00000000
                                                                                  0x6d86b60e
                                                                                  0x6d81df6c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81df72
                                                                                  0x6d81df7a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81df84
                                                                                  0x6d81df8a
                                                                                  0x6d81df8d
                                                                                  0x6d86b5cf
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d86b5e0
                                                                                  0x6d86b5e4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d86b5e6
                                                                                  0x6d81df96
                                                                                  0x6d81df98
                                                                                  0x00000000
                                                                                  0x6d81dfb3
                                                                                  0x6d81dfbb
                                                                                  0x6d81dfc2
                                                                                  0x6d81dfd5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81dfdb
                                                                                  0x6d81dfe0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81dfe6
                                                                                  0x6d81dfeb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81dff4
                                                                                  0x6d81dffe
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81dfc2
                                                                                  0x6d81df98
                                                                                  0x6d81df93
                                                                                  0x6d81df93
                                                                                  0x6d81df93
                                                                                  0x00000000
                                                                                  0x6d81df50
                                                                                  0x6d81dea5
                                                                                  0x6d81dea8
                                                                                  0x6d81dead
                                                                                  0x00000000
                                                                                  0x6d81dec5
                                                                                  0x6d81dec8
                                                                                  0x00000000
                                                                                  0x6d81dec8
                                                                                  0x6d81dead
                                                                                  0x6d81ddce
                                                                                  0x6d81ddd3
                                                                                  0x6d81dddb
                                                                                  0x6d81de5c
                                                                                  0x6d81de63
                                                                                  0x6d81de68
                                                                                  0x6d81de6c
                                                                                  0x6d81de71
                                                                                  0x6d81e028
                                                                                  0x6d86b58b
                                                                                  0x6d86b590
                                                                                  0x6d86b592
                                                                                  0x6d86b595
                                                                                  0x6d86b59a
                                                                                  0x6d86b5a5
                                                                                  0x6d86b5a8
                                                                                  0x6d86b5b0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d86b5b6
                                                                                  0x6d81e067
                                                                                  0x6d81e067
                                                                                  0x6d81e070
                                                                                  0x6d81e072
                                                                                  0x6d81e075
                                                                                  0x6d81e07b
                                                                                  0x6d81e0dc
                                                                                  0x6d81e07d
                                                                                  0x6d81e07d
                                                                                  0x6d81e07d
                                                                                  0x6d81e080
                                                                                  0x6d81e08a
                                                                                  0x6d81e08c
                                                                                  0x6d81e090
                                                                                  0x6d81e095
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81e0e0
                                                                                  0x6d81e0e0
                                                                                  0x6d81e09b
                                                                                  0x6d81e09e
                                                                                  0x6d81e0a5
                                                                                  0x6d81e0ac
                                                                                  0x6d81e0ac
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d86b59c
                                                                                  0x6d86b59c
                                                                                  0x6d86b59c
                                                                                  0x6d86b59e
                                                                                  0x6d86b5a1
                                                                                  0x00000000
                                                                                  0x6d86b59c
                                                                                  0x6d81e031
                                                                                  0x6d81e058
                                                                                  0x6d81e05b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81e064
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81e033
                                                                                  0x6d81e033
                                                                                  0x6d81e035
                                                                                  0x6d81e040
                                                                                  0x6d81e042
                                                                                  0x6d81e044
                                                                                  0x6d81e046
                                                                                  0x6d81e04c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81e052
                                                                                  0x6d81e056
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81e056
                                                                                  0x6d81e033
                                                                                  0x6d81de77
                                                                                  0x6d81de77
                                                                                  0x6d81de7c
                                                                                  0x6d81e0ce
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81e0d4
                                                                                  0x00000000
                                                                                  0x6d81e0d4
                                                                                  0x00000000
                                                                                  0x6d81de7c
                                                                                  0x6d81dddd
                                                                                  0x6d81dde2
                                                                                  0x6d81dde2
                                                                                  0x6d81dde7
                                                                                  0x6d81de59
                                                                                  0x6d81de59
                                                                                  0x00000000
                                                                                  0x6d81de59
                                                                                  0x6d81ddf0
                                                                                  0x6d81ddf3
                                                                                  0x6d81ddfa
                                                                                  0x6d81ddff
                                                                                  0x6d81de05
                                                                                  0x6d81de1c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81de1e
                                                                                  0x00000000
                                                                                  0x6d81de1e
                                                                                  0x6d81de0f
                                                                                  0x6d81de25
                                                                                  0x6d81de28
                                                                                  0x6d81de2d
                                                                                  0x6d81de33
                                                                                  0x6d81de3e
                                                                                  0x6d81de41
                                                                                  0x6d81de50
                                                                                  0x6d81de52
                                                                                  0x6d81de54
                                                                                  0x6d81de57
                                                                                  0x00000000
                                                                                  0x6d81de57
                                                                                  0x6d81de11
                                                                                  0x6d81de14
                                                                                  0x6d81de14
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlAcquireSRWLockShared.BCCB(6D8F8654,6D8517F0,00000000), ref: 6D81DDCE
                                                                                  • ZwQueryVirtualMemory.BCCB(000000FF,000000FE,00000006,?,0000000C,00000000,6D8517F0,00000000), ref: 6D81DE98
                                                                                  • RtlImageNtHeaderEx.BCCB(00000001,?,00000000,00000000,?,000000FF,000000FE,00000006,?,0000000C,00000000,6D8517F0,00000000), ref: 6D81DEE8
                                                                                  • RtlImageNtHeaderEx.BCCB(00000001,?,00000000,00000000,?,00000001,?,00000000,00000000,?,000000FF,000000FE,00000006,?,0000000C,00000000), ref: 6D81DF0D
                                                                                  • RtlImageNtHeaderEx.BCCB(00000001,?,00000000,00000000,00000000,00000001,?,00000000,00000000,?,00000001,?,00000000,00000000,?,000000FF), ref: 6D81DF46
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: HeaderImage$AcquireLockMemoryQuerySharedVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 114269737-0
                                                                                  • Opcode ID: 47e5569db4fff31ec7fb1dce8338d951c903045493f733e70eb932596d4d0612
                                                                                  • Instruction ID: 502fe4477add66143663b0198544ee246c2c99342e843dc9502895c1317feda7
                                                                                  • Opcode Fuzzy Hash: 47e5569db4fff31ec7fb1dce8338d951c903045493f733e70eb932596d4d0612
                                                                                  • Instruction Fuzzy Hash: 8DC1B271A082079FDB14CF58CC48BAEB7B2BF94314F14896DE565EB280E734E945CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D80C600, Relevance: 12.2, APIs: 8, Instructions: 225memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 63%
                                                                                  			E6D80C600(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				char _v1036;
				intOrPtr _v1040;
				char _v1048;
				intOrPtr _v1052;
				short _v1054;
				void* _v1056;
				void* _v1060;
				long* _v1064;
				char _v1068;
				long _v1076;
				intOrPtr _v1080;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t70;
				void* _t74;
				intOrPtr _t77;
				void* _t78;
				intOrPtr* _t81;
				void* _t101;
				void* _t102;
				void* _t107;
				intOrPtr _t109;
				long* _t110;
				long* _t111;
				long* _t112;
				long* _t113;
				intOrPtr _t114;
				intOrPtr _t116;
				void* _t117;
				intOrPtr _t118;
				void* _t120;
				long _t121;
				long _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x6d8fd360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E6D816D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E6D84B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t14 = _t70 + 0xc; // 0x38
					_t121 = _t14;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t74 = RtlAllocateHeap(_t107,  *0x6d8f7b9c + 0x180000, _t121);
					_v1060 = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1068);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1056);
					_push(_t116);
					_t122 = E6D849650();
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *((intOrPtr*)(_t102 + 4));
							if(_t109 == 3 || _t109 == 7) {
								if(_t114 != _t109) {
									goto L59;
								}
								_t110 = _v1064;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1068 = _t118;
								if(_t110 == 0 ||  *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								} else {
									_push( *((intOrPtr*)(_t102 + 8)));
									_t59 = _t102 + 0xc; // 0xc
									_push(_t110);
									goto L54;
								}
							} else {
								_t118 = 4;
								if(_t109 != _t118) {
									if(_t109 != 0xb) {
										if(_t109 == 1) {
											if(_t114 != _t118) {
												_t118 =  *((intOrPtr*)(_t102 + 8));
												_v1068 = _t118;
												if(_t118 > _t77) {
													L10:
													_t122 = 0x80000005;
													L11:
													_t81 = _v1048;
													if(_t81 != 0 && (_t122 >= 0 || _t122 == 0x80000005)) {
														 *_t81 = _t118;
													}
													L15:
													_t78 = _v1060;
													if(_t78 != 0) {
														RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t78);
													}
													_t68 = _t122;
													goto L4;
												}
												_push(_t118);
												_t56 = _t102 + 0xc; // 0xc
												_push(_v1064);
												L54:
												memcpy();
												_t125 = _t125 + 0xc;
												goto L11;
											}
											if(_t77 != _t118) {
												L34:
												_t122 = 0xc0000004;
												goto L15;
											}
											_t111 = _v1064;
											if((_t111 & 0x00000003) == 0) {
												_v1068 = _t118;
												if(_t111 == 0) {
													goto L10;
												}
												_t42 = _t102 + 0xc; // 0xc
												_v1052 = _t42;
												_v1056 =  *((intOrPtr*)(_t102 + 8));
												_v1054 =  *((intOrPtr*)(_t102 + 8));
												_t122 = RtlUnicodeStringToInteger( &_v1056, 0, _t111);
												L44:
												_t118 = _v1080;
												goto L11;
											}
											_t122 = 0x80000002;
											goto L15;
										}
										_t122 = 0xc0000024;
										goto L44;
									}
									if(_t114 != _t109) {
										L59:
										_t122 = 0xc0000024;
										goto L15;
									}
									_t118 = 8;
									if(_t77 != _t118 ||  *((intOrPtr*)(_t102 + 8)) != _t118) {
										goto L34;
									} else {
										_t112 = _v1064;
										_v1068 = _t118;
										if(_t112 == 0) {
											goto L10;
										}
										 *_t112 =  *(_t102 + 0xc);
										_t112[1] =  *(_t102 + 0x10);
										goto L11;
									}
								}
								if(_t114 != _t118) {
									goto L59;
								}
								if(_t77 != _t118 ||  *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								} else {
									_t113 = _v1064;
									_v1068 = _t118;
									if(_t113 == 0) {
										goto L10;
									}
									 *_t113 =  *(_t102 + 0xc);
									goto L11;
								}
							}
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						if(_t118 <= _a20) {
							_t114 =  *((intOrPtr*)(_t102 + 4));
							_t77 = _t118;
							goto L26;
						}
						_v1068 = _t118;
						goto L10;
					}
					if(_t122 != 0x80000005) {
						goto L15;
					}
					RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1076;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E6D849650();
				if(_t122 >= 0) {
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}








































                                                                                  0x6d80c608
                                                                                  0x6d80c615
                                                                                  0x6d80c625
                                                                                  0x6d80c62d
                                                                                  0x6d80c635
                                                                                  0x6d80c640
                                                                                  0x6d80c680
                                                                                  0x6d80c687
                                                                                  0x6d80c688
                                                                                  0x6d80c689
                                                                                  0x6d80c694
                                                                                  0x6d80c694
                                                                                  0x6d80c642
                                                                                  0x6d80c64a
                                                                                  0x6d80c697
                                                                                  0x6d80c697
                                                                                  0x6d877a25
                                                                                  0x6d877a2b
                                                                                  0x6d877a30
                                                                                  0x6d877bea
                                                                                  0x6d877bea
                                                                                  0x00000000
                                                                                  0x6d877bea
                                                                                  0x6d877a43
                                                                                  0x6d877a48
                                                                                  0x6d877a4e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d877a58
                                                                                  0x6d877a5a
                                                                                  0x6d877a5b
                                                                                  0x6d877a5c
                                                                                  0x6d877a5d
                                                                                  0x6d877a63
                                                                                  0x6d877a64
                                                                                  0x6d877a6a
                                                                                  0x6d877a6e
                                                                                  0x6d8779cb
                                                                                  0x6d8779cb
                                                                                  0x6d8779d0
                                                                                  0x6d877a98
                                                                                  0x6d877a9b
                                                                                  0x6d877a9b
                                                                                  0x6d877aa1
                                                                                  0x6d877bc0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d877bc2
                                                                                  0x6d877bc6
                                                                                  0x6d877bc9
                                                                                  0x6d877bcf
                                                                                  0x00000000
                                                                                  0x6d877bde
                                                                                  0x6d877ba9
                                                                                  0x6d877bac
                                                                                  0x6d877bb0
                                                                                  0x00000000
                                                                                  0x6d877bb0
                                                                                  0x6d877ab0
                                                                                  0x6d877ab2
                                                                                  0x6d877ab5
                                                                                  0x6d877aef
                                                                                  0x6d877b28
                                                                                  0x6d877b64
                                                                                  0x6d877b8f
                                                                                  0x6d877b92
                                                                                  0x6d877b98
                                                                                  0x6d8779e6
                                                                                  0x6d8779e6
                                                                                  0x6d8779eb
                                                                                  0x6d8779eb
                                                                                  0x6d8779f1
                                                                                  0x6d8779ff
                                                                                  0x6d8779ff
                                                                                  0x6d877a01
                                                                                  0x6d877a01
                                                                                  0x6d877a07
                                                                                  0x6d877a15
                                                                                  0x6d877a15
                                                                                  0x6d877a1a
                                                                                  0x00000000
                                                                                  0x6d877a1a
                                                                                  0x6d877b9e
                                                                                  0x6d877b9f
                                                                                  0x6d877ba3
                                                                                  0x6d877bb1
                                                                                  0x6d877bb1
                                                                                  0x6d877bb6
                                                                                  0x00000000
                                                                                  0x6d877bb6
                                                                                  0x6d877b68
                                                                                  0x6d877ae2
                                                                                  0x6d877ae2
                                                                                  0x00000000
                                                                                  0x6d877ae2
                                                                                  0x6d877b6e
                                                                                  0x6d877b75
                                                                                  0x6d877b81
                                                                                  0x6d877b87
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d877b31
                                                                                  0x6d877b34
                                                                                  0x6d877b3c
                                                                                  0x6d877b46
                                                                                  0x6d877b57
                                                                                  0x6d877b59
                                                                                  0x6d877b59
                                                                                  0x00000000
                                                                                  0x6d877b59
                                                                                  0x6d877b77
                                                                                  0x00000000
                                                                                  0x6d877b77
                                                                                  0x6d877b2a
                                                                                  0x00000000
                                                                                  0x6d877b2a
                                                                                  0x6d877af3
                                                                                  0x6d877be0
                                                                                  0x6d877be0
                                                                                  0x00000000
                                                                                  0x6d877be0
                                                                                  0x6d877afb
                                                                                  0x6d877afe
                                                                                  0x00000000
                                                                                  0x6d877b05
                                                                                  0x6d877b05
                                                                                  0x6d877b09
                                                                                  0x6d877b0f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d877b18
                                                                                  0x6d877b1d
                                                                                  0x00000000
                                                                                  0x6d877b1d
                                                                                  0x6d877afe
                                                                                  0x6d877ab9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d877ac1
                                                                                  0x00000000
                                                                                  0x6d877ac8
                                                                                  0x6d877ac8
                                                                                  0x6d877acc
                                                                                  0x6d877ad2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d877adb
                                                                                  0x00000000
                                                                                  0x6d877adb
                                                                                  0x6d877ac1
                                                                                  0x6d877aa1
                                                                                  0x6d8779d6
                                                                                  0x6d8779dc
                                                                                  0x6d877a91
                                                                                  0x6d877a94
                                                                                  0x00000000
                                                                                  0x6d877a94
                                                                                  0x6d8779e2
                                                                                  0x00000000
                                                                                  0x6d8779e2
                                                                                  0x6d877a7a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d877a8a
                                                                                  0x6d877a21
                                                                                  0x6d877a21
                                                                                  0x00000000
                                                                                  0x6d877a21
                                                                                  0x6d80c650
                                                                                  0x6d80c651
                                                                                  0x6d80c656
                                                                                  0x6d80c65c
                                                                                  0x6d80c65d
                                                                                  0x6d80c663
                                                                                  0x6d80c664
                                                                                  0x6d80c66a
                                                                                  0x6d80c66e
                                                                                  0x6d8779c7
                                                                                  0x00000000
                                                                                  0x6d8779c7
                                                                                  0x6d80c67a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlInitUnicodeStringEx.BCCB(?,?,?,00000000,00800000), ref: 6D80C639
                                                                                  • ZwQueryValueKey.BCCB(00000000,?,00000002,?,00000400,?,?,?,?,00000000,00800000), ref: 6D80C665
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000002,00000000,?,00000002,00000000,00000038,?,00000000,00800000), ref: 6D877A15
                                                                                  • RtlAllocateHeap.BCCB(?,?,00000038,?,?,?,00000000,00800000), ref: 6D877A43
                                                                                  • ZwQueryValueKey.BCCB(00000000,?,00000002,00000000,00000038,?,00000000,00800000), ref: 6D877A65
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,?,00000002,00000000,00000038,?,00000000,00800000), ref: 6D877A8A
                                                                                  • RtlUnicodeStringToInteger.BCCB(00000000,00000000,00000000,00000000,?,00000002,00000000,00000038,?,00000000,00800000), ref: 6D877B52
                                                                                  • memcpy.BCCB(00000000,0000000C,?,00000000,?,00000002,00000000,00000038,?,00000000,00800000), ref: 6D877BB1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$FreeQueryStringUnicodeValue$AllocateInitIntegermemcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3015855070-0
                                                                                  • Opcode ID: 287b736a027471c18761f8e19b41e891ee15ae2bf677d1676f22c935b4f88057
                                                                                  • Instruction ID: 0556d4a802c268b8a520616c9256e7a227af3649d9af09d63e17746b025a1f54
                                                                                  • Opcode Fuzzy Hash: 287b736a027471c18761f8e19b41e891ee15ae2bf677d1676f22c935b4f88057
                                                                                  • Instruction Fuzzy Hash: AA817D75E482068BE722CE18CC88B6EB3A4FB85354F158D6EFD549B250E330DD44CBA2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D805050, Relevance: 12.1, APIs: 8, Instructions: 133memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 96%
                                                                                  			E6D805050(intOrPtr _a4) {
				char _v20;
				void* _v24;
				long _v26;
				void* _v28;
				void* _v40;
				void* _v42;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v64;
				intOrPtr _t34;
				void* _t36;
				void* _t38;
				signed short _t41;
				signed int _t51;
				void* _t58;
				void* _t60;
				void* _t69;
				intOrPtr _t74;
				long _t78;
				void* _t79;
				void* _t80;
				void* _t81;
				signed int _t82;
				void* _t84;

				_t84 = (_t82 & 0xfffffff8) - 0x1c;
				_t34 =  *[fs:0x30];
				_t58 =  *(_t34 + 0x18);
				_t74 =  *((intOrPtr*)(_t34 + 0x10));
				_v28 = _t58;
				if(E6D80519E(_a4) != 0) {
					_t36 = 0;
					L14:
					return _t36;
				}
				if(E6D8274C0(_a4) != 0) {
					_t36 = 0xc0000103;
				} else {
					_t78 =  *(_t74 + 0x26) & 0x0000ffff;
					while(1) {
						_t38 = RtlAllocateHeap(_t58, 0, _t78);
						_v24 = _t38;
						if(_t38 == 0) {
							break;
						}
						_v28 = 0;
						if(_t78 > 0xffff) {
							_v26 = 0xffff;
							L25:
							_t79 = 0xc0000095;
							L26:
							RtlFreeHeap(_t58, 0, _t38);
							_t36 = _t79;
							goto L14;
						}
						_v26 = _t78;
						_t80 = E6D826E30(_a4, _t78, _t38, 0, 0,  &_v20);
						if(_t80 == 0) {
							_t79 = 0xc0000033;
							L23:
							_t38 = _v24;
							goto L26;
						}
						_t41 = _v26;
						if(_t80 > (_t41 & 0x0000ffff) - 4) {
							__eflags =  *((char*)( *[fs:0x30] + 3));
							if(__eflags >= 0) {
								_t41 = _v26;
								goto L7;
							}
							RtlFreeHeap(_t58, 0, _v24);
							_t78 = _t80 + 4;
							continue;
						}
						L7:
						_t72 = _t41 & 0x0000ffff;
						if(_t80 > (_t41 & 0x0000ffff)) {
							_t79 = 0xc0000106;
							goto L23;
						}
						_t92 = _t80 - 0xffff;
						if(_t80 > 0xffff) {
							_v28 = 0xffff;
							_t38 = _v24;
							goto L25;
						}
						_v28 = _t80;
						_t60 = E6D83F0BF( &_v28, _t72, _t92, _t84 + 0x14);
						RtlFreeHeap(_v40, 0, _v28);
						if(_t60 >= 0) {
							L6D81EEF0(0x6d8f79a0);
							_t69 = _v44;
							_t81 =  *0x6d8f8210;
							 *((intOrPtr*)(_t74 + 0x2c)) =  *((intOrPtr*)(_t69 + 4));
							 *((intOrPtr*)(_t74 + 0x28)) =  *((intOrPtr*)(_t69 + 0x10));
							 *((short*)(_t74 + 0x24)) =  *((intOrPtr*)(_t69 + 0xc));
							 *0x6d8f8210 = _t69;
							_t51 = E6D81EB70(_t69, 0x6d8f79a0);
							if(_t81 != 0) {
								asm("lock xadd [esi], eax");
								if((_t51 | 0xffffffff) == 0) {
									_push( *((intOrPtr*)(_t81 + 4)));
									E6D8495D0();
									RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t81);
								}
							}
						}
						_t36 = _t60;
						goto L14;
					}
					_t36 = 0xc0000017;
				}
			}




























                                                                                  0x6d805058
                                                                                  0x6d80505b
                                                                                  0x6d805066
                                                                                  0x6d80506a
                                                                                  0x6d80506d
                                                                                  0x6d805078
                                                                                  0x6d80519a
                                                                                  0x6d805191
                                                                                  0x6d805197
                                                                                  0x6d805197
                                                                                  0x6d805088
                                                                                  0x6d860c21
                                                                                  0x6d80508e
                                                                                  0x6d80508e
                                                                                  0x6d805092
                                                                                  0x6d805096
                                                                                  0x6d80509b
                                                                                  0x6d8050a1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8050ae
                                                                                  0x6d8050b5
                                                                                  0x6d860c72
                                                                                  0x6d860c77
                                                                                  0x6d860c77
                                                                                  0x6d860c7c
                                                                                  0x6d860c80
                                                                                  0x6d860c85
                                                                                  0x00000000
                                                                                  0x6d860c85
                                                                                  0x6d8050bf
                                                                                  0x6d8050d4
                                                                                  0x6d8050d8
                                                                                  0x6d860c67
                                                                                  0x6d860c6c
                                                                                  0x6d860c6c
                                                                                  0x00000000
                                                                                  0x6d860c6c
                                                                                  0x6d8050de
                                                                                  0x6d8050eb
                                                                                  0x6d860c31
                                                                                  0x6d860c35
                                                                                  0x6d860c4b
                                                                                  0x00000000
                                                                                  0x6d860c4b
                                                                                  0x6d860c3e
                                                                                  0x6d860c43
                                                                                  0x00000000
                                                                                  0x6d860c43
                                                                                  0x6d8050f1
                                                                                  0x6d8050f1
                                                                                  0x6d8050f6
                                                                                  0x6d860c55
                                                                                  0x00000000
                                                                                  0x6d860c55
                                                                                  0x6d805101
                                                                                  0x6d805103
                                                                                  0x6d860c5c
                                                                                  0x6d860c61
                                                                                  0x00000000
                                                                                  0x6d860c61
                                                                                  0x6d80510d
                                                                                  0x6d805120
                                                                                  0x6d805128
                                                                                  0x6d80512f
                                                                                  0x6d805136
                                                                                  0x6d80513b
                                                                                  0x6d80513f
                                                                                  0x6d80514d
                                                                                  0x6d805153
                                                                                  0x6d80515a
                                                                                  0x6d80515e
                                                                                  0x6d805164
                                                                                  0x6d80516b
                                                                                  0x6d805170
                                                                                  0x6d805174
                                                                                  0x6d805176
                                                                                  0x6d805179
                                                                                  0x6d80518a
                                                                                  0x6d80518a
                                                                                  0x6d805174
                                                                                  0x6d80516b
                                                                                  0x6d80518f
                                                                                  0x00000000
                                                                                  0x6d80518f
                                                                                  0x6d860c8c
                                                                                  0x6d860c8c

                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,?), ref: 6D805096
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,?), ref: 6D860C80
                                                                                    • Part of subcall function 6D826E30: memset.BCCB(01000000,00000000,?,?,00000024,00000000,?), ref: 6D826F17
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000,?), ref: 6D805128
                                                                                  • RtlEnterCriticalSection.BCCB(6D8F79A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000,?), ref: 6D805136
                                                                                  • RtlLeaveCriticalSection.BCCB(6D8F79A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000,?), ref: 6D805164
                                                                                  • ZwClose.BCCB(?,6D8F79A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000), ref: 6D805179
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,?,6D8F79A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000), ref: 6D80518A
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,00000000,00000000,?,00000000,?), ref: 6D860C3E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$Free$CriticalSection$AllocateCloseEnterLeavememset
                                                                                  • String ID:
                                                                                  • API String ID: 1968905909-0
                                                                                  • Opcode ID: 7e18f4cd9986fc74e1221c5ef2e55feb290874ac5d6a9bf9f4c2e67622c55af9
                                                                                  • Instruction ID: 6ec8a7283035d3e8c8500c84686d1c740bf5cc05b3e98694079a7dd52f374acd
                                                                                  • Opcode Fuzzy Hash: 7e18f4cd9986fc74e1221c5ef2e55feb290874ac5d6a9bf9f4c2e67622c55af9
                                                                                  • Instruction Fuzzy Hash: 4F41F035608342ABD321DF2DCC88B2AB7A4BF44324F114D29F9959B281E770DC42C7EA
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D83513A, Relevance: 10.8, APIs: 7, Instructions: 258timeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 67%
                                                                                  			E6D83513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _v24;
				int _v28;
				int* _v32;
				signed int _v36;
				int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				void* _t165;
				signed int _t172;
				signed int _t181;
				void* _t185;
				void* _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				intOrPtr _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr _t230;
				void** _t233;
				signed int _t234;
				signed int _t235;
				intOrPtr _t238;
				intOrPtr _t239;
				intOrPtr _t241;
				void* _t246;
				signed int _t247;
				signed int _t248;
				void* _t249;
				void* _t252;
				void* _t253;
				signed int _t254;
				signed int _t256;
				signed int _t257;

				_t256 = (_t254 & 0xfffffff8) - 0x6c;
				_v8 =  *0x6d8fd360 ^ _t256;
				_v32 = _v32 & 0x00000000;
				_t252 = __edx;
				_t238 = __ecx;
				_t212 = 6;
				_t246 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t246, 0, _t212 << 2);
				_t257 = _t256 + 0xc;
				_t247 = _t246 + _t212;
				if(_t207 == 2) {
					_t248 =  *(_t238 + 0x60);
					_t208 =  *(_t238 + 0x64);
					_v63 =  *((intOrPtr*)(_t238 + 0x4c));
					_t159 =  *((intOrPtr*)(_t238 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t238 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t248;
					L8:
					_t214 = 0;
					if( *(_t238 + 0x74) > 0) {
						_t82 = _t238 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = 1 + _t214;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t238 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t238 +  *((intOrPtr*)(_v88 + _t238 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t238 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t238 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t241 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t252 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t241 + 0x4e) & 0x7fff)) {
								_t181 = E6D84D0F0(1, _t226 + 0x20, 0);
								_t230 = _v40;
								 *(_t230 + 8) = _t181;
								 *((intOrPtr*)(_t230 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t250 = _t127;
								E6D822280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *(_t210 + 0x94);
								if(_t185 != 0) {
									RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t185);
								}
								_t189 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _v20 + 0x10);
								 *(_t210 + 0x94) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v28;
									( *(_t210 + 0x94))[3] = _v24;
									_t233 =  *(_t210 + 0x94);
									 *_t233 =  &(_t233[4]);
									_t233[1] = _t233[1] & 0x00000000;
									memcpy( *( *(_t210 + 0x94)), _v36, _v28);
									_t257 = _t257 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E6D81FFB0(_t210, _t250, _t250);
								_t222 = _v84;
								_t172 = _v88;
								_t208 = _v92;
								_t248 = _v96;
								L10:
								_t239 =  *((intOrPtr*)(_t252 + 0x1c));
								_v44 = _t239;
								if(_t239 != 0) {
									 *0x6d8fb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t248, _t208, _v32,  *((intOrPtr*)(_t252 + 0x20)));
									_v44();
								}
								_pop(_t249);
								_pop(_t253);
								_pop(_t209);
								return E6D84B640(0, _t209, _v8 ^ _t257, _t239, _t249, _t253);
							}
							_t181 = _v92;
							L31:
							_t226 = 1 + _t226;
							_t181 = _t181 + 0x18;
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t248 = _t247 | 0xffffffff;
				_t208 = _t248;
				_v84 = _t248;
				_v80 = _t208;
				if( *((intOrPtr*)(_t252 + 0x4c)) == _t157) {
					_t234 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t252 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t252 + 0x40);
					_t234 = _v72 |  *(_t252 + 0x44);
					_t248 =  *(_t252 + 0x38);
					_t208 =  *(_t252 + 0x3c);
					_v76 = _t202;
					_v72 = _t234;
					_v84 = _t248;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t234;
				if( *((char*)(_t252 + 0xc4)) != 0) {
					_t238 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t252 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t252 + 0xc5));
						_t238 = _v48;
					}
					_t203 = _t202 |  *(_t252 + 0xb8);
					_t235 = _t234 |  *(_t252 + 0xbc);
					_t248 = _t248 &  *(_t252 + 0xb0);
					_t208 = _t208 &  *(_t252 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t235;
					_v72 = _t235;
					_v84 = _t248;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t248 = 0;
					 *(_t238 + 0x74) =  *(_t238 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}


































































                                                                                  0x6d835142
                                                                                  0x6d83514c
                                                                                  0x6d835150
                                                                                  0x6d835157
                                                                                  0x6d835159
                                                                                  0x6d83515e
                                                                                  0x6d835165
                                                                                  0x6d835169
                                                                                  0x6d83516c
                                                                                  0x6d835172
                                                                                  0x6d835176
                                                                                  0x6d83517a
                                                                                  0x6d83517a
                                                                                  0x6d83517a
                                                                                  0x6d83517f
                                                                                  0x6d876d8b
                                                                                  0x6d876d8e
                                                                                  0x6d876d91
                                                                                  0x6d876d95
                                                                                  0x6d876d98
                                                                                  0x6d876d9c
                                                                                  0x6d876da0
                                                                                  0x6d876da3
                                                                                  0x6d876da7
                                                                                  0x6d876e26
                                                                                  0x6d876e26
                                                                                  0x6d876e2a
                                                                                  0x6d8351f9
                                                                                  0x6d8351f9
                                                                                  0x6d8351fe
                                                                                  0x6d876e33
                                                                                  0x6d876e33
                                                                                  0x6d876e39
                                                                                  0x6d876e3d
                                                                                  0x6d876e46
                                                                                  0x6d876e50
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d876e52
                                                                                  0x6d876e53
                                                                                  0x6d876e56
                                                                                  0x6d876e5d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d876e5f
                                                                                  0x6d876e67
                                                                                  0x6d876e77
                                                                                  0x6d876e7f
                                                                                  0x6d876e80
                                                                                  0x6d876e88
                                                                                  0x6d876e90
                                                                                  0x6d876e9f
                                                                                  0x6d876ea5
                                                                                  0x6d876ea9
                                                                                  0x6d876eb1
                                                                                  0x6d876ebf
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d876ecf
                                                                                  0x6d876ed3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d876edb
                                                                                  0x6d876ede
                                                                                  0x6d876ee1
                                                                                  0x6d876ee8
                                                                                  0x6d876eeb
                                                                                  0x6d876eed
                                                                                  0x6d876ef0
                                                                                  0x6d876ef4
                                                                                  0x6d876ef8
                                                                                  0x6d876efc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d876f0d
                                                                                  0x6d876f11
                                                                                  0x6d876f32
                                                                                  0x6d876f37
                                                                                  0x6d876f3b
                                                                                  0x6d876f3e
                                                                                  0x6d876f41
                                                                                  0x6d876f46
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d876f4c
                                                                                  0x6d876f50
                                                                                  0x6d876f50
                                                                                  0x6d876f54
                                                                                  0x6d876f62
                                                                                  0x6d876f65
                                                                                  0x6d876f6d
                                                                                  0x6d876f7b
                                                                                  0x6d876f7b
                                                                                  0x6d876f93
                                                                                  0x6d876f98
                                                                                  0x6d876fa0
                                                                                  0x6d876fa6
                                                                                  0x6d876fb3
                                                                                  0x6d876fb6
                                                                                  0x6d876fbf
                                                                                  0x6d876fc1
                                                                                  0x6d876fd5
                                                                                  0x6d876fda
                                                                                  0x6d876fda
                                                                                  0x6d876fdd
                                                                                  0x6d876fe2
                                                                                  0x6d876fe7
                                                                                  0x6d876feb
                                                                                  0x6d876fef
                                                                                  0x6d876ff3
                                                                                  0x6d83520c
                                                                                  0x6d83520c
                                                                                  0x6d83520f
                                                                                  0x6d835215
                                                                                  0x6d835234
                                                                                  0x6d83523a
                                                                                  0x6d83523a
                                                                                  0x6d835244
                                                                                  0x6d835245
                                                                                  0x6d835246
                                                                                  0x6d835251
                                                                                  0x6d835251
                                                                                  0x6d876f13
                                                                                  0x6d876f17
                                                                                  0x6d876f17
                                                                                  0x6d876f18
                                                                                  0x6d876f1b
                                                                                  0x6d876f1f
                                                                                  0x6d876f23
                                                                                  0x00000000
                                                                                  0x6d876f28
                                                                                  0x6d835204
                                                                                  0x6d835204
                                                                                  0x6d835208
                                                                                  0x00000000
                                                                                  0x6d835208
                                                                                  0x6d835185
                                                                                  0x6d835188
                                                                                  0x6d83518a
                                                                                  0x6d83518e
                                                                                  0x6d835195
                                                                                  0x6d876db1
                                                                                  0x6d876db5
                                                                                  0x6d876db9
                                                                                  0x6d83519b
                                                                                  0x6d83519b
                                                                                  0x6d83519e
                                                                                  0x6d8351a7
                                                                                  0x6d8351a9
                                                                                  0x6d8351a9
                                                                                  0x6d8351b5
                                                                                  0x6d8351b8
                                                                                  0x6d8351bb
                                                                                  0x6d8351be
                                                                                  0x6d8351c1
                                                                                  0x6d8351c5
                                                                                  0x6d8351c9
                                                                                  0x6d8351cd
                                                                                  0x6d8351cd
                                                                                  0x6d8351d8
                                                                                  0x6d8351dc
                                                                                  0x6d8351e0
                                                                                  0x6d876dcc
                                                                                  0x6d876dd0
                                                                                  0x6d876dd5
                                                                                  0x6d876ddd
                                                                                  0x6d876de1
                                                                                  0x6d876de1
                                                                                  0x6d876de5
                                                                                  0x6d876deb
                                                                                  0x6d876df1
                                                                                  0x6d876df7
                                                                                  0x6d876dfd
                                                                                  0x6d876e01
                                                                                  0x6d876e05
                                                                                  0x6d876e09
                                                                                  0x6d876e0d
                                                                                  0x6d876e11
                                                                                  0x6d876e11
                                                                                  0x6d8351eb
                                                                                  0x6d876e1a
                                                                                  0x6d876e1f
                                                                                  0x6d876e21
                                                                                  0x6d876e23
                                                                                  0x00000000
                                                                                  0x6d8351f1
                                                                                  0x6d8351f1
                                                                                  0x00000000
                                                                                  0x6d8351f1

                                                                                  APIs
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,?,?,00000000,?,?,00000000,?,000000A0,?), ref: 6D835234
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  • Opcode ID: c448e2139241a029f3c7bcf69222cfbda448545b65261d6f505d5b81f7a2d8f5
                                                                                  • Instruction ID: 43e658a9c1846e7824533b58a8dba850d7f32f6341abbcbab413d0534d2530e6
                                                                                  • Opcode Fuzzy Hash: c448e2139241a029f3c7bcf69222cfbda448545b65261d6f505d5b81f7a2d8f5
                                                                                  • Instruction Fuzzy Hash: FEC132755083818FD355CF28C484A6AFBF1BF89308F148A6EF9998B352D771E845CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D82B73D, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 190COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-1334570610
                                                                                  • Opcode ID: e33bdfb214d832f07639b9032a2ac5f1cc7261fb2815616c6c87009faa027e78
                                                                                  • Instruction ID: bb5efdbc5366f98bd047c79881b805034f47be220b8ab36f19c56ac4ea290212
                                                                                  • Opcode Fuzzy Hash: e33bdfb214d832f07639b9032a2ac5f1cc7261fb2815616c6c87009faa027e78
                                                                                  • Instruction Fuzzy Hash: 8661BDB0605246DFDB29CF29C488B6ABBF5FF45344F15896AE8498B249D730F881CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D80E8B0, Relevance: 10.7, APIs: 7, Instructions: 190memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,6D8F66C0,?,6D8F84D8,?,?,6D80E887,?,00000010,00000000,6D8F8638), ref: 6D86568A
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,6D8F66C0,?,6D8F84D8,?,?,6D80E887,?,00000010,00000000,6D8F8638), ref: 6D8656A9
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000004,6D8F66C0,?,6D8F84D8,?,?,6D80E887,?,00000010,00000000,6D8F8638), ref: 6D8656C8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: FreeHeap
                                                                                  • String ID:
                                                                                  • API String ID: 3298025750-0
                                                                                  • Opcode ID: d9f09a32411bd6bcc049ded3e19f943102f140672faf9ce3a0d086cb502f8a92
                                                                                  • Instruction ID: cea8ed83a0f4c14bf1dcd3a49b54c72165200a4aa624e02971f4854e63388d93
                                                                                  • Opcode Fuzzy Hash: d9f09a32411bd6bcc049ded3e19f943102f140672faf9ce3a0d086cb502f8a92
                                                                                  • Instruction Fuzzy Hash: 617148B2598B86CFD3628E19CE48B32B7E1BF51775F104E5DEAE1869E2D720A440CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D887365, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 177nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlRunOnceExecuteOnce.BCCB(6D8F86E4,6D849490,00000000,00000000,00000000,00000000), ref: 6D88739F
                                                                                  • ZwQuerySystemInformation.BCCB(00000067,?,00000008,00000000,6D8F86E4,6D849490,00000000,00000000,00000000,00000000), ref: 6D8873D7
                                                                                    • Part of subcall function 6D849860: LdrInitializeThunk.NTDLL(6D8915BB,00000073,?,00000008,00000000,?,00000568), ref: 6D84986A
                                                                                  • RtlCaptureContext.BCCB(?,6D8F86E4,6D849490,00000000,00000000,00000000,00000000), ref: 6D8875C9
                                                                                  • memset.BCCB(?,00000000,00000050,?,6D8F86E4,6D849490,00000000,00000000,00000000,00000000), ref: 6D8875D8
                                                                                  • RtlReportException.BCCB(C0000409,?,0000001E,00000000,00000000), ref: 6D88761A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Once$CaptureContextExceptionExecuteInformationInitializeQueryReportSystemThunkmemset
                                                                                  • String ID: -
                                                                                  • API String ID: 3658138377-2547889144
                                                                                  • Opcode ID: 9b602223c6d95a2ae47e156042418b6fb2c3031669683ce846b6d0e808bcabe3
                                                                                  • Instruction ID: 0aaed357638a9629f0a79eeb58e8a0d99105b0989fb6ea333007bbe6295e9615
                                                                                  • Opcode Fuzzy Hash: 9b602223c6d95a2ae47e156042418b6fb2c3031669683ce846b6d0e808bcabe3
                                                                                  • Instruction Fuzzy Hash: 21818EB0E0522C9ADB60CF6AC984BDDFBF4BB48314F5085AEE60CA7241D7705A85CF59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D803FC5, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 131COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,6D8C3933,RtlGetUserInfoHeap), ref: 6D8603D9
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,6D8C3933,RtlGetUserInfoHeap), ref: 6D8603E6
                                                                                  • DbgPrint.BCCB(Invalid address specified to %s( %p, %p ),?,?,?,?,?,?,?,6D8C3933,RtlGetUserInfoHeap), ref: 6D8603F9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                  • API String ID: 3558298466-1151232445
                                                                                  • Opcode ID: 48f95b07831f2482cd909a26bcbb7be965902e6eb8c1e7020cbed6e2059633a8
                                                                                  • Instruction ID: b7bdf95c8344b9aea7b9dca44c37b3cf8d2b82d3ec604e7b67d1c0c395f94b32
                                                                                  • Opcode Fuzzy Hash: 48f95b07831f2482cd909a26bcbb7be965902e6eb8c1e7020cbed6e2059633a8
                                                                                  • Instruction Fuzzy Hash: B8417830244382CFEB65CB1EC9CC77673A1AF5AB28F04CC69E5559B242C3B6D485C766
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D839ED0, Relevance: 10.6, APIs: 7, Instructions: 125COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,FFFFFFFE,000000FF,FFFFFFFE), ref: 6D879836
                                                                                  • RtlReleaseSRWLockShared.BCCB(?,FFFFFFFE,000000FF,FFFFFFFE), ref: 6D87984A
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?), ref: 6D87987A
                                                                                  • RtlAcquireSRWLockShared.BCCB(?), ref: 6D879897
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?), ref: 6D8798B3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Lock$ExclusiveRelease$AcquireShared
                                                                                  • String ID:
                                                                                  • API String ID: 1363392280-0
                                                                                  • Opcode ID: 688a337dac4e851413f0ec5f61124e081631620ab6096ab0831448190c3edd25
                                                                                  • Instruction ID: 1bf413f10aefed3a52b65dc5cb79e23e145272b34cd705e0d740c173ede66767
                                                                                  • Opcode Fuzzy Hash: 688a337dac4e851413f0ec5f61124e081631620ab6096ab0831448190c3edd25
                                                                                  • Instruction Fuzzy Hash: 5F41AE3261C2568BC704DE2DC808B5FB7E5EFD5318F1A8D4DF898A7281DA34E90887D2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D80649B, Relevance: 10.6, APIs: 7, Instructions: 123COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlLcidToLocaleName.BCCB(?,?,00000002,00000000), ref: 6D8064F1
                                                                                  • RtlGetParentLocaleName.BCCB(00000002,00000002,00000006,00000000,?,?,00000002,00000000), ref: 6D80651A
                                                                                  • RtlLocaleNameToLcid.BCCB(?,00000006,00000003,00000002,00000002,00000006,00000000,?,?,00000002,00000000), ref: 6D80656D
                                                                                  • RtlLcidToLocaleName.BCCB(?,?,00000002,00000001,?,?,00000002,00000000), ref: 6D86192B
                                                                                  • RtlGetParentLocaleName.BCCB(00000002,00000002,00000006,00000001,00000002,00000002,00000006,00000000,?,?,00000002,00000000), ref: 6D861962
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: LocaleName$Lcid$Parent
                                                                                  • String ID:
                                                                                  • API String ID: 3691507993-0
                                                                                  • Opcode ID: e7ac7ad3dccc88cc94a335ca2a9adea79e4a5ca4a5c9e1f6c6df509667167f72
                                                                                  • Instruction ID: 6aef6268469dcd8beecf918deee7eee6a19446d16edf269ab4204648cb90024f
                                                                                  • Opcode Fuzzy Hash: e7ac7ad3dccc88cc94a335ca2a9adea79e4a5ca4a5c9e1f6c6df509667167f72
                                                                                  • Instruction Fuzzy Hash: BE415E725187469FD311CF288845A6FB6E9FF88B58F410D2ABA84D7250E730CE548BE3
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D834020, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 110nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlGetSuiteMask.BCCB(00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6D8340B3
                                                                                  • RtlGetNtProductType.BCCB(?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6D8340D6
                                                                                  • RtlInitUnicodeString.BCCB(?,TerminalServices-RemoteConnectionManager-AllowAppServerMode,?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6D8340F1
                                                                                  • ZwQueryLicenseValue.BCCB(?,?,?,00000004,?,?,TerminalServices-RemoteConnectionManager-AllowAppServerMode,?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6D834108
                                                                                  • RtlGetSuiteMask.BCCB(00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6D834155
                                                                                  Strings
                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 6D8340E8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: MaskSuite$InitLicenseProductQueryStringTypeUnicodeValue
                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                                                                  • API String ID: 2592082795-996340685
                                                                                  • Opcode ID: a4067267077542ac5a2971d70a2f00109b3787e60604e474dbdbb4b04c71eb17
                                                                                  • Instruction ID: c1515d2ff897214a8b9b0c4f71006e34e02f0c0f914dd600678d8191fb80db2c
                                                                                  • Opcode Fuzzy Hash: a4067267077542ac5a2971d70a2f00109b3787e60604e474dbdbb4b04c71eb17
                                                                                  • Instruction Fuzzy Hash: 48418D75A04B5A9AC725DFF8C4456EAB7F4EF99304F014C2EE6AAC3200E331A544CBE1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D82B8E4, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 69COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,-00000020,?,6D82B7BF,-00010018,?,00000000,?,-00000018,?), ref: 6D872C77
                                                                                  • DbgPrint.BCCB((ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size),?,-00000020,?,6D82B7BF,-00010018,?,00000000,?,-00000018,?), ref: 6D872C8F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 3558298466-2558761708
                                                                                  • Opcode ID: eb63c1891e99f2d9ff707d3b50dd8e210c6f812ffc95576d92f7f75af16c068b
                                                                                  • Instruction ID: 4ed3862c34a247dd90e41969023112a73034d0352ea42ad87dbf07588aaa1956
                                                                                  • Opcode Fuzzy Hash: eb63c1891e99f2d9ff707d3b50dd8e210c6f812ffc95576d92f7f75af16c068b
                                                                                  • Instruction Fuzzy Hash: FA11AF3172A1069BD7298B19C88CB3AB3B5EB81764F158C2AE14ACB354E734E984C6C1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D809240, Relevance: 10.6, APIs: 7, Instructions: 63memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwClose.BCCB(00000000,6D8DF708,0000000C,6D809219), ref: 6D80925A
                                                                                  • ZwClose.BCCB(00000000,6D8DF708,0000000C,6D809219), ref: 6D809279
                                                                                  • RtlFreeHeap.BCCB(?,?,?,00000000,6D8DF708,0000000C,6D809219), ref: 6D809295
                                                                                  • RtlFreeHeap.BCCB(?,?,00000000,?,?,?,00000000,6D8DF708,0000000C,6D809219), ref: 6D8092B1
                                                                                  • RtlFreeHeap.BCCB(?,?,?,?,?,00000000,?,?,?,00000000,6D8DF708,0000000C,6D809219), ref: 6D8092CD
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F86B4,?,?,?,?,?,00000000,?,?,?,00000000,6D8DF708,0000000C,6D809219), ref: 6D8092D7
                                                                                  • RtlFreeHeap.BCCB(?,?,?,6D8F86B4,?,?,?,?,?,00000000,?,?,?,00000000,6D8DF708,0000000C), ref: 6D80931A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: FreeHeap$Close$AcquireExclusiveLock
                                                                                  • String ID:
                                                                                  • API String ID: 3557490396-0
                                                                                  • Opcode ID: deabd25907f64af3a2be375b40e4e9fa21ad8cec48eb7fa652579d6507bf6553
                                                                                  • Instruction ID: b5db7c9f48e2efdcaf6887cde82aa4cb326511889cae432e9f883e19df73ca24
                                                                                  • Opcode Fuzzy Hash: deabd25907f64af3a2be375b40e4e9fa21ad8cec48eb7fa652579d6507bf6553
                                                                                  • Instruction Fuzzy Hash: CC2139B1445600DFC721EF29CE48F59B7B9FF18708F16896CE249866A2CB34E951CB84
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8D4015, Relevance: 10.5, APIs: 7, Instructions: 49memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,000000A0,?,?,?,6D876D7C,?,?,00000000,?,?,6D834E1B,0000000F), ref: 6D8D402F
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F86AC,?,?,000000A0,?,?,?,6D876D7C,?,?,00000000,?,?,6D834E1B,0000000F), ref: 6D8D4046
                                                                                    • Part of subcall function 6D822280: RtlDllShutdownInProgress.BCCB(00000000), ref: 6D8222BA
                                                                                    • Part of subcall function 6D822280: ZwWaitForAlertByThreadId.BCCB(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6D8223A3
                                                                                  • RtlRbRemoveNode.BCCB(6D8F86D4,?,6D8F86AC,?,?,000000A0,?,?,?,6D876D7C,?,?,00000000,?,?,6D834E1B), ref: 6D8D4051
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F86AC,6D8F86D4,?,6D8F86AC,?,?,000000A0,?,?,?,6D876D7C,?,?,00000000,?,?), ref: 6D8D4057
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,6D8F86AC,6D8F86D4,?,6D8F86AC,?,?,000000A0,?,?,?,6D876D7C,?,?,00000000,?), ref: 6D8D4062
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,?,6D8F86AC,6D8F86D4,?,6D8F86AC,?,?,000000A0,?,?,?,6D876D7C,?), ref: 6D8D407C
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,?,6D8F86AC,6D8F86D4,?,6D8F86AC,?,?,000000A0,?,?,?,6D876D7C,?), ref: 6D8D408C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireFreeHeapRelease$AlertNodeProgressRemoveShutdownThreadWait
                                                                                  • String ID:
                                                                                  • API String ID: 83280457-0
                                                                                  • Opcode ID: f0566742a352c58c7b624a68c6c48d5af33c8527a836b6800b49cdb6b8b51221
                                                                                  • Instruction ID: 8a1c8b1a6f33eb4526e315197c5e982207f9f022f135fa4f243150872ac4ac91
                                                                                  • Opcode Fuzzy Hash: f0566742a352c58c7b624a68c6c48d5af33c8527a836b6800b49cdb6b8b51221
                                                                                  • Instruction Fuzzy Hash: 2F01F7B22055457FC3509B7DCD88E13F7BCFF49664B010A25F20883A51CB24EC51C6E4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D89FF10, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrintEx.BCCB(00000065,00000000,NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p,?,000000FF,?,6D8E09B0,00000014,6D81EBD8,?,?,?,00000000,?,6D801E03,?), ref: 6D89FF69
                                                                                  • RtlDecodePointer.BCCB(6D8E09B0,00000014,6D81EBD8,?,?,?,00000000,?,6D801E03,?,6D801D6E,?), ref: 6D89FF78
                                                                                  • RtlRaiseStatus.BCCB(C0000264,6D8E09B0,00000014,6D81EBD8,?,?,?,00000000,?,6D801E03,?,6D801D6E,?), ref: 6D89FF89
                                                                                  • RtlDebugPrintTimes.BCCB(?,C0000264,6D8E09B0,00000014,6D81EBD8,?,?,?,00000000,?,6D801E03,?,6D801D6E,?), ref: 6D89FF9A
                                                                                  • RtlpNotOwnerCriticalSection.BCCB ref: 6D89FFB1
                                                                                  Strings
                                                                                  • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 6D89FF60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$CriticalDebugDecodeOwnerPointerRaiseRtlpSectionStatusTimes
                                                                                  • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                  • API String ID: 2675442896-1911121157
                                                                                  • Opcode ID: d63fa2b52dfe5c1dd4f811bafcf89ac983ff011a03b5cfddaea30c01f62e2baf
                                                                                  • Instruction ID: c3a4694a66f3bf0280c1db0e973d49c9347556dbd4aa2861ca8334e1daeb7d2b
                                                                                  • Opcode Fuzzy Hash: d63fa2b52dfe5c1dd4f811bafcf89ac983ff011a03b5cfddaea30c01f62e2baf
                                                                                  • Instruction Fuzzy Hash: 44110471910144EFDF12CF58C94CFA8B7B1FF49705F118844F508AB261CB399990CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D805AC0, Relevance: 9.2, APIs: 6, Instructions: 222COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • memcpy.BCCB(?,?,00000200,?,000001FF,?,?,?,?), ref: 6D805BE1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3510742995-0
                                                                                  • Opcode ID: 0a49ddac34be32c5baa49f62439dab239f169edd71fed7daa49646fd9d9b1b3d
                                                                                  • Instruction ID: 466dcda5aacafbfe59682b82d70e8cba6b70308cd70b534870553c0c83b085aa
                                                                                  • Opcode Fuzzy Hash: 0a49ddac34be32c5baa49f62439dab239f169edd71fed7daa49646fd9d9b1b3d
                                                                                  • Instruction Fuzzy Hash: 8581C7B1A0425E8BDB21CE18CD54BEA77B8EF45314F0149E9AA15E3281E774DAC18BB4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D80B171, Relevance: 9.2, APIs: 6, Instructions: 166nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwQueryDebugFilterState.BCCB(?,6D84B627,6D8DF7A8,00000090,6D80B16E,00000003,6D84B627,0000000A,00000001,00000000,0000000A,6D84B627,Invalid parameter passed to C runtime function.), ref: 6D80B1C4
                                                                                  • _alloca_probe_16.BCCB(6D8DF7A8,00000090,6D80B16E,00000003,6D84B627,0000000A,00000001,00000000,0000000A,6D84B627,Invalid parameter passed to C runtime function.), ref: 6D864835
                                                                                  • memcpy.BCCB(?,?,?,6D8DF7A8,00000090,6D80B16E,00000003,6D84B627,0000000A,00000001,00000000,0000000A,6D84B627), ref: 6D864866
                                                                                  • _vsnprintf.BCCB(?,-00000081,?,?,0000000A,6D84B627), ref: 6D8648AD
                                                                                  • ZwWow64DebuggerCall.BCCB(00000001,00000000,7FFE02D4,?,6D84B627,6D8DF7A8,00000090,6D80B16E,00000003,6D84B627,0000000A,00000001,00000000,0000000A,6D84B627,Invalid parameter passed to C runtime function.), ref: 6D864986
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CallDebugDebuggerFilterQueryStateWow64_alloca_probe_16_vsnprintfmemcpy
                                                                                  • String ID:
                                                                                  • API String ID: 1346858437-0
                                                                                  • Opcode ID: 992d53934df001d37507372afc456261d1fc1d9499f7958f097303ebf8295377
                                                                                  • Instruction ID: 839b53b8e9733fca255103611f32753f274a47311b4bd9481dadce27c5331fd5
                                                                                  • Opcode Fuzzy Hash: 992d53934df001d37507372afc456261d1fc1d9499f7958f097303ebf8295377
                                                                                  • Instruction Fuzzy Hash: 60510971D0829A8EDB21CF6CC8587BD7BB0FF89724F1185ADE85897291D77049418FA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8D740D, Relevance: 9.1, APIs: 6, Instructions: 141memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlCompareMemory.BCCB(00000018,?,00000000,00000000,00000000,00000000,00000000,00000000,?,6D8814C4,0000000C,?,?,00000000,00000066,00000000), ref: 6D8D743C
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,0000001A,00000000,00000000,00000000,00000000,00000000,?,6D8814C4,0000000C,?,?,00000000,00000066,00000000), ref: 6D8D7464
                                                                                  • memcpy.BCCB(00000018,?,00000000,?,00000008,0000001A,00000000,00000000,00000000,00000000,00000000,?,6D8814C4,0000000C,?,?), ref: 6D8D7484
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,00000018,00000000,00000066,00000000), ref: 6D8D74AC
                                                                                  • memcmp.BCCB(00000066,00000008,00000010,00000018,?,00000000,00000000,00000000,00000000,00000000,00000000,?,6D8814C4,0000000C,?,?), ref: 6D8D7527
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,00000018,00000000,00000066,00000000), ref: 6D8D7546
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap$CompareMemorymemcmpmemcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3500240269-0
                                                                                  • Opcode ID: 53f0b23cde38d8cbdebcfad0d89ab03898b2aa5ba471344c79297c4b5cd44298
                                                                                  • Instruction ID: 0c3ae8daac5b2e7049ba1e8e8425418e8479cb840a468716016787399a127962
                                                                                  • Opcode Fuzzy Hash: 53f0b23cde38d8cbdebcfad0d89ab03898b2aa5ba471344c79297c4b5cd44298
                                                                                  • Instruction Fuzzy Hash: FF51AD71A00606EFDB56CF18C884E5ABBB5FF45304F15C4AAE9099F251E371E986CFA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8319B8, Relevance: 9.1, APIs: 6, Instructions: 127nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.BCCB(6D8F7B60,?,00000000,?,00000000,?,6D8108B8,?,?,?,?,?,6D860AF4,?), ref: 6D8319DE
                                                                                  • RtlLeaveCriticalSection.BCCB(6D8F7B60,6D8F7B60,?,00000000,?,00000000,?,6D8108B8,?,?,?,?,?,6D860AF4,?), ref: 6D831A38
                                                                                  • RtlEnterCriticalSection.BCCB(6D8F7B60,6D8F7B60,6D8108B8,?,?,?,?,?,6D860AF4,?), ref: 6D831A74
                                                                                  • RtlLeaveCriticalSection.BCCB(6D8F7B60,6D8F7B60,6D8F7B60,6D8108B8,?,?,?,?,?,6D860AF4,?), ref: 6D831AB9
                                                                                  • ZwWaitForSingleObject.BCCB(?,00000000,00000000,6D8F7B60,6D8F7B60,?,00000000,?,00000000,?,6D8108B8,?,?,?,?), ref: 6D831ADF
                                                                                  • RtlQueryInformationActivationContext.BCCB(00000001,00000000,00000000,?,?,?,?,?,6D8F7B60,?,00000000,?,00000000,?,6D8108B8), ref: 6D831B37
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterLeave$ActivationContextInformationObjectQuerySingleWait
                                                                                  • String ID:
                                                                                  • API String ID: 970085952-0
                                                                                  • Opcode ID: 69e355c1ba3f459c22909c499462039200457e4bc2bf57cb5beb7c9884618e91
                                                                                  • Instruction ID: b37e3e53134a57d6a9159b792303ea6f3dadd2b27f3c8a37d9ab426ecedb4ed2
                                                                                  • Opcode Fuzzy Hash: 69e355c1ba3f459c22909c499462039200457e4bc2bf57cb5beb7c9884618e91
                                                                                  • Instruction Fuzzy Hash: 3241AE31D482159BFB118FA8AC2CF657BB4BB4BBA1F274C5AE94847280D7704C12CBC1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D810100, Relevance: 9.1, APIs: 6, Instructions: 122nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F861C,6D8DF848,0000001C,6D80F66C,?,00000000,6D8F52D8), ref: 6D810120
                                                                                  • ZwUnmapViewOfSection.BCCB(000000FF,?,6D8F861C,6D8DF848,0000001C,6D80F66C,?,00000000,6D8F52D8), ref: 6D8101AF
                                                                                  • ZwClose.BCCB(?,000000FF,?,6D8F861C,6D8DF848,0000001C,6D80F66C,?,00000000,6D8F52D8), ref: 6D8101BD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AcquireCloseExclusiveLockSectionUnmapView
                                                                                  • String ID:
                                                                                  • API String ID: 1629747488-0
                                                                                  • Opcode ID: 1b146008aca0042f5187d1617167d139b607bb8de2de2d95d7d3403ac5774b14
                                                                                  • Instruction ID: d5874c702d0df22f610404a274988f1b5134fb4fc99e1b2c17a9be961724c1b8
                                                                                  • Opcode Fuzzy Hash: 1b146008aca0042f5187d1617167d139b607bb8de2de2d95d7d3403ac5774b14
                                                                                  • Instruction Fuzzy Hash: 0041E23198834ACFCF42DF69CD89BAA77B4FF0A364F114A55E410AB292D3358954CBE0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8B3D40, Relevance: 9.1, APIs: 6, Instructions: 98memorytimeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F8A6C,?,00000000,00000000,?,?,?,?,?,?,6D8B3CAA,00000000,00008000,?), ref: 6D8B3D7A
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F8A6C,6D8F8A6C,?,00000000,00000000,?,?,?,?,?,?,6D8B3CAA,00000000,00008000,?), ref: 6D8B3DA1
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,6D8F8A6C,6D8F8A6C,?,00000000,00000000,?,?,?,?,?,?,6D8B3CAA,00000000,00008000), ref: 6D8B3DB0
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F8A6C,?,?,?,?,?,?,6D8B3CAA,00000000,00008000,?), ref: 6D8B3DC6
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F8A6C,6D8F8A6C,?,00000000,00000000,?,?,?,?,?,?,6D8B3CAA,00000000,00008000,?), ref: 6D8B3E1A
                                                                                  • RtlFreeHeap.BCCB(?,00000000,6D8F8A6C,6D8F8A6C,6D8F8A6C,6D8F8A6C,?,00000000,00000000,?,?,?,?,?,?,6D8B3CAA), ref: 6D8B3E4E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireRelease$DebugFreeHeapPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 1017367878-0
                                                                                  • Opcode ID: ddb29080cf90dea78a38d338bd26a2830f45a2f43ce1f6d31419a8f114a08c09
                                                                                  • Instruction ID: f425dab0b68fa14160e9108995f9d9900360c52aa26182a938d49f2417c77274
                                                                                  • Opcode Fuzzy Hash: ddb29080cf90dea78a38d338bd26a2830f45a2f43ce1f6d31419a8f114a08c09
                                                                                  • Instruction Fuzzy Hash: 6A3124B25093029FC700CF18D58896ABBF1FB85654F45896EF4989B751E730ED09CBA2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8CA189, Relevance: 9.1, APIs: 6, Instructions: 96nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F6220,00000000,?,?,?), ref: 6D8CA1AE
                                                                                  • ZwGetNlsSectionPtr.BCCB(0000000C,?,00000000,?,?,6D8F6220,00000000,?,?,?), ref: 6D8CA1E8
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F6220,?,00000000,00000000,?,0000000C,?,00000000,00000050,6D8F6220,00000000,?,?,?), ref: 6D8CA252
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireReleaseSection
                                                                                  • String ID:
                                                                                  • API String ID: 1496884002-0
                                                                                  • Opcode ID: 184293d041d8a9043d5faa1422ea35db7dbd37df6cec8a5e970f7c78b6c9cb26
                                                                                  • Instruction ID: 92e33a314fbc67a228dbc2ac0472d3f1609aa02e8ebb529ff8d0a61cf7c61495
                                                                                  • Opcode Fuzzy Hash: 184293d041d8a9043d5faa1422ea35db7dbd37df6cec8a5e970f7c78b6c9cb26
                                                                                  • Instruction Fuzzy Hash: A8310272A4821AEBD7128B9CC848F6ABBBCEF45754F01486AF615DB340DB71CD0187D1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D80F7C0, Relevance: 9.1, APIs: 6, Instructions: 64nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,00000000,00000000,?,6D883777,00000000,00000000,00000000,?,?,6D7EC2A8,00000001,?), ref: 6D80F7F5
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,00000000,00000000,?,6D883777,00000000,00000000,00000000,?,?,6D7EC2A8,00000001,?), ref: 6D80F860
                                                                                    • Part of subcall function 6D80F8C8: RtlAcquireSRWLockExclusive.BCCB(6D8F86AC,?,00000000,?,6D80F813,?,?,00000000,00000000,?,6D883777,00000000,00000000,00000000,?,?), ref: 6D80F8D5
                                                                                    • Part of subcall function 6D80F8C8: RtlRbRemoveNode.BCCB(6D8F86DC,?,6D8F86AC,?,00000000,?,6D80F813,?,?,00000000,00000000,?,6D883777,00000000,00000000,00000000), ref: 6D80F8E0
                                                                                    • Part of subcall function 6D80F8C8: RtlReleaseSRWLockExclusive.BCCB(6D8F86AC,6D8F86DC,?,6D8F86AC,?,00000000,?,6D80F813,?,?,00000000,00000000,?,6D883777,00000000,00000000), ref: 6D80F8EE
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,00000000,00000000,?,6D883777,00000000,00000000,00000000,?,?,6D7EC2A8,00000001,?), ref: 6D80F814
                                                                                  • ZwClose.BCCB(?,?,?,?,00000000,00000000,?,6D883777,00000000,00000000,00000000,?,?,6D7EC2A8,00000001,?), ref: 6D80F82E
                                                                                  • RtlSetLastWin32Error.BCCB(00000006,?,00000000,00000000,?,6D883777,00000000,00000000,00000000,?,?,6D7EC2A8,00000001,?), ref: 6D80F867
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$Acquire$CloseErrorLastNodeRemoveWin32
                                                                                  • String ID:
                                                                                  • API String ID: 2169420607-0
                                                                                  • Opcode ID: 1276daf3b8040ef17d6b23c35fb93c66636aeeac95ff6fcde3a24f00f8f263f8
                                                                                  • Instruction ID: 82a14ed35748d4a83402cd69ffc396cce38c1e37e8aa75f2573961300b637b94
                                                                                  • Opcode Fuzzy Hash: 1276daf3b8040ef17d6b23c35fb93c66636aeeac95ff6fcde3a24f00f8f263f8
                                                                                  • Instruction Fuzzy Hash: E611B23628920697DB01AF1ACCC8BFA3329FFA5B14F418929EE145F145DB20988587A8
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D89C450, Relevance: 9.1, APIs: 6, Instructions: 53nativememorythreadCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwAdjustPrivilegesToken.BCCB(00000000,00000000,?,00000000,00000000,00000000,?,00000000,00800000,?,6D869A59,?,?,000000FF,00000018,00000000), ref: 6D89C471
                                                                                  • ZwSetInformationThread.BCCB(000000FE,00000005,00000004,00000004,?,00000000,00800000,?,6D869A59,?,?,000000FF,00000018,00000000,00000000,00000000), ref: 6D89C488
                                                                                  • ZwClose.BCCB(00000004,000000FE,00000005,00000004,00000004,?,00000000,00800000,?,6D869A59,?,?,000000FF,00000018,00000000,00000000), ref: 6D89C493
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,?,00000000,00800000,?,6D869A59,?,?,000000FF,00000018,00000000,00000000,00000000,00000000), ref: 6D89C4AD
                                                                                  • ZwClose.BCCB(00000000,?,00000000,00800000,?,6D869A59,?,?,000000FF,00000018,00000000,00000000,00000000,00000000,00000001,00800000), ref: 6D89C4B4
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,?,00000000,00800000,?,6D869A59,?,?,000000FF,00000018,00000000,00000000,00000000), ref: 6D89C4C4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CloseFreeHeap$AdjustInformationPrivilegesThreadToken
                                                                                  • String ID:
                                                                                  • API String ID: 2345910567-0
                                                                                  • Opcode ID: cb7d4b5cc4fed82b388a5ceaa9f75f3cea1cf4035457c2075ca64b83e3d10f5c
                                                                                  • Instruction ID: c61851deb95353757e5fe7d8fc264d81c9dacb6a13881b2195d3972aaeef7573
                                                                                  • Opcode Fuzzy Hash: cb7d4b5cc4fed82b388a5ceaa9f75f3cea1cf4035457c2075ca64b83e3d10f5c
                                                                                  • Instruction Fuzzy Hash: EF01F971240509BFE7119F29CD84E76F76DFF54754F118929F25446560C732ECA0C6A0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D891242, Relevance: 9.0, APIs: 6, Instructions: 31nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwUnmapViewOfSection.BCCB(000000FF,?,6D89122C,6D8E07D0,00000058,6D890C91,?,00000000,?,00000000,?,?,?,6D8BB56B,00000000,?), ref: 6D89124C
                                                                                  • ZwClose.BCCB(?,000000FF,?,6D89122C,6D8E07D0,00000058,6D890C91,?,00000000,?,00000000,?,?,?,6D8BB56B,00000000), ref: 6D89125A
                                                                                  • ZwClose.BCCB(?,000000FF,?,6D89122C,6D8E07D0,00000058,6D890C91,?,00000000,?,00000000,?,?,?,6D8BB56B,00000000), ref: 6D891267
                                                                                  • ZwClose.BCCB(?,6D89122C,6D8E07D0,00000058,6D890C91,?,00000000,?,00000000,?,?,?,6D8BB56B,00000000,?,00000000), ref: 6D891275
                                                                                  • ZwClose.BCCB(?,6D89122C,6D8E07D0,00000058,6D890C91,?,00000000,?,00000000,?,?,?,6D8BB56B,00000000,?,00000000), ref: 6D891286
                                                                                  • ZwClose.BCCB(?,6D89122C,6D8E07D0,00000058,6D890C91,?,00000000,?,00000000,?,?,?,6D8BB56B,00000000,?,00000000), ref: 6D891297
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Close$SectionUnmapView
                                                                                  • String ID:
                                                                                  • API String ID: 682624529-0
                                                                                  • Opcode ID: df9b40cab72dcffc0bbba800b8aff6860ab2831aacd6ae3e33e08911f29cf166
                                                                                  • Instruction ID: a49daf8be7ff2ea4ff16e4067a1801d6b9cf0ca44d5213bdf2ed1a616e3f17b2
                                                                                  • Opcode Fuzzy Hash: df9b40cab72dcffc0bbba800b8aff6860ab2831aacd6ae3e33e08911f29cf166
                                                                                  • Instruction Fuzzy Hash: D8F0AF70D0920DAADF15FFF8E9887ADBB7DAF10215F218A2DF161651A0DB714490DB40
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D830548, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 166COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.BCCB(6D8F7B60,?,00000000,01000000,?,6D830408,?,00000000,00000024), ref: 6D830576
                                                                                  • RtlLeaveCriticalSection.BCCB(6D8F7B60,6D8F8544,?,00000001,?,?,?,?,?,6D8F7B60,?,00000000,01000000), ref: 6D83059F
                                                                                  • RtlRbInsertNodeEx.BCCB(6D8F8544,?,00000001,?,?,?,?,?,6D8F7B60,?,00000000,01000000), ref: 6D8305F6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterInsertLeaveNode
                                                                                  • String ID: `
                                                                                  • API String ID: 1141981990-2679148245
                                                                                  • Opcode ID: a3047575b0d26d489c5bd08f4606ba0cc70c6a0d402d1a85ef9d9e3917768219
                                                                                  • Instruction ID: 72589186adf5429a5fcad8a73c7936ec4150908e5e513bade747edbe052434ff
                                                                                  • Opcode Fuzzy Hash: a3047575b0d26d489c5bd08f4606ba0cc70c6a0d402d1a85ef9d9e3917768219
                                                                                  • Instruction Fuzzy Hash: 27511871A4832A9BD7128EDE8C09B6FBBB4AF85354F164965E958EB240E3B0D810C7D1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D804439, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 124COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 0$Flst
                                                                                  • API String ID: 0-758220159
                                                                                  • Opcode ID: 64f7caa2a7af49f3d2a6f176f4854a8a0dbc3a127930e4788fd5b93418d022ed
                                                                                  • Instruction ID: 18da965a34cd4cea3755ffb1e8a63f88d9eaba9f0d959205af2399dd1f6d4cd5
                                                                                  • Opcode Fuzzy Hash: 64f7caa2a7af49f3d2a6f176f4854a8a0dbc3a127930e4788fd5b93418d022ed
                                                                                  • Instruction Fuzzy Hash: D7418CB0E45649CFDB15CF9AC988BADFBF5EF98314F10882EE1499B240D7709985CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D883884, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 95memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwQueryValueKey.BCCB(?,00000000,00000002,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6D8838BF
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,?,?,00000000,00000002,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6D8838E5
                                                                                  • ZwQueryValueKey.BCCB(00000000,00000000,00000002,00000000,?,?,00000008,?,?,00000000,00000002,00000000,00000000,?,?,00000000), ref: 6D883906
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,00000000,00000002,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6D883961
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: HeapQueryValue$AllocateFree
                                                                                  • String ID: BinaryName
                                                                                  • API String ID: 4267586637-215506332
                                                                                  • Opcode ID: dc21707e5deeb75272e2def1c3f95caf90e5645323f11084644422d494c42aee
                                                                                  • Instruction ID: 432e973ce87954a16f70c491744c8a4e9d2188bb27940f322d478599c10a7942
                                                                                  • Opcode Fuzzy Hash: dc21707e5deeb75272e2def1c3f95caf90e5645323f11084644422d494c42aee
                                                                                  • Instruction Fuzzy Hash: B431D47290491AAFDB15CA5DCD49E7BB774FF82720F018969E914E7251D7309E00C7A1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D83D294, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 93memorynativefileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwQueryAttributesFile.BCCB(?,?,?,?), ref: 6D83D313
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,?,?,?,?), ref: 6D83D330
                                                                                  • ZwClose.BCCB(00000000,?,?,?,?), ref: 6D87B001
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,00000000,?,?,?,?), ref: 6D87B011
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: FreeHeap$AttributesCloseFileQuery
                                                                                  • String ID: @
                                                                                  • API String ID: 2866988855-2766056989
                                                                                  • Opcode ID: 6ffeb614d9a2d94918b980bace2993433463d95ca6bc185987cc394180dcdb4e
                                                                                  • Instruction ID: b970254309548e18a8f55221495d9a881e5f8575944ca74615a8d36411fb4664
                                                                                  • Opcode Fuzzy Hash: 6ffeb614d9a2d94918b980bace2993433463d95ca6bc185987cc394180dcdb4e
                                                                                  • Instruction Fuzzy Hash: 5E313EB155C3199FC311DF68C988A9BBBE8EBC5B54F024D2EB59893250E634DD04CBD2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D88EA20, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.BCCB(6D8F70A0,-00000054,?,00000000,-00000054,?,6D865D18), ref: 6D88EA52
                                                                                  • DbgPrint.BCCB(AVRF: AVrfDllUnloadNotification called for a provider (%p) ,-00000054,6D8F70A0,-00000054,?,00000000,-00000054,?,6D865D18), ref: 6D88EA69
                                                                                  • RtlLeaveCriticalSection.BCCB(6D8F70A0,6D8F70A0,-00000054,?,00000000,-00000054,?,6D865D18), ref: 6D88EAB0
                                                                                  Strings
                                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 6D88EA64
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterLeavePrint
                                                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                  • API String ID: 1203512206-702105204
                                                                                  • Opcode ID: 7f4aa470e4fedc8186ec7d8bdc1c7ab19ae1fe746d793d9e42b49e87b2d4acc7
                                                                                  • Instruction ID: d139ebc4b40232be742b215d0a3c37aed186a27a5c30021c1c5a3f78d16bcc46
                                                                                  • Opcode Fuzzy Hash: 7f4aa470e4fedc8186ec7d8bdc1c7ab19ae1fe746d793d9e42b49e87b2d4acc7
                                                                                  • Instruction Fuzzy Hash: 021125716082099BE722CF28DC8CF2AB779FFD97A4B010D29F90283552CB32AC05C794
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D82B944, Relevance: 7.7, APIs: 5, Instructions: 166nativetimeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT(00000000,?,00002710,00000000,?,?,?), ref: 6D82B9A5
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(00000000,?,00002710,00000000,?,?,?), ref: 6D82BA9C
                                                                                  • ZwSetTimer2.BCCB(00000000,?,00000000,?,00000000,?,00002710,00000000,?,?,?), ref: 6D82BAC6
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,?,?), ref: 6D82BAE9
                                                                                  • ZwCancelTimer2.BCCB(00000000,00000000,?,?,?), ref: 6D82BB03
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentServiceSessionTimer2$CancelUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID:
                                                                                  • API String ID: 1220516486-0
                                                                                  • Opcode ID: b9289acaf28cf95e33af5cedffd1bd1824eaa3c6b234ee8236c746cc18de546d
                                                                                  • Instruction ID: 2e77163e4e25f76356ea62edaa9d56dd2c63adf0d00b2410d0c48bafa0f353a2
                                                                                  • Opcode Fuzzy Hash: b9289acaf28cf95e33af5cedffd1bd1824eaa3c6b234ee8236c746cc18de546d
                                                                                  • Instruction Fuzzy Hash: 2F51587061A345CFC720CF29C488A2ABBF5BB89744F558D6EF69587248D731E884CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D858BE8, Relevance: 7.7, APIs: 1, Strings: 3, Instructions: 657COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: '$(null)$(null)
                                                                                  • API String ID: 3558298466-1087929977
                                                                                  • Opcode ID: 34339e692748f17b28731d88e0eb905203840f8125ed89619a07c6ab1e331b14
                                                                                  • Instruction ID: 8019b85811cc45692c9a86f5a4f496f26c25552faa9a3a8002d58a29f6382d01
                                                                                  • Opcode Fuzzy Hash: 34339e692748f17b28731d88e0eb905203840f8125ed89619a07c6ab1e331b14
                                                                                  • Instruction Fuzzy Hash: 2D32B8F19142198ADFA49F18CC887ADB7B5FB45314F4089EAE719A7280D7308EE5CF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D809100, Relevance: 7.6, APIs: 5, Instructions: 141nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,6D8DF6E8,0000002C,6D85E530,00000000,?,6D8E01C0,00000010,6D8D810C,00000000,00000000,00000000,00000000,6D8F86C4,6D8F86C4,00000008), ref: 6D809158
                                                                                  • ZwShutdownWorkerFactory.BCCB(?,?), ref: 6D809182
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6D8091C0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AcquireCurrentExclusiveFactoryLockServiceSessionShutdownWorker
                                                                                  • String ID:
                                                                                  • API String ID: 1345183298-0
                                                                                  • Opcode ID: fff280371e5f9c4a96ba5e4ae90abb7bd3b77af1eedeb67ee7928bf22e3bc4cb
                                                                                  • Instruction ID: 5eb0202e9165198a7094b5be8a909d97a530bf27abaec7757148c7b22512707c
                                                                                  • Opcode Fuzzy Hash: fff280371e5f9c4a96ba5e4ae90abb7bd3b77af1eedeb67ee7928bf22e3bc4cb
                                                                                  • Instruction Fuzzy Hash: F851E6B1B09286DFDB01EF6DCC4CBADB7B5BB4E324F198929E414A7280C3389840C791
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8919C8, Relevance: 7.6, APIs: 5, Instructions: 107nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwCreateSection.BCCB(?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6D891A54
                                                                                  • ZwMapViewOfSection.BCCB(?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?,?,00000004,08000000), ref: 6D891A74
                                                                                  • memset.BCCB(?,00000000,000000F0,?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?), ref: 6D891A88
                                                                                  • ZwUnmapViewOfSection.BCCB(000000FF,?,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6D891AB8
                                                                                  • ZwClose.BCCB(?,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6D891AC8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Section$View$CloseCreateUnmapmemset
                                                                                  • String ID:
                                                                                  • API String ID: 788617167-0
                                                                                  • Opcode ID: 77c0bd51e630a667eaba0cead26d1e37344295029b98cca860612fa6308b154e
                                                                                  • Instruction ID: 32e1d8706010169e4b5aca44cbd7fa0276032ba8365c4a94f3cb06355018f3ef
                                                                                  • Opcode Fuzzy Hash: 77c0bd51e630a667eaba0cead26d1e37344295029b98cca860612fa6308b154e
                                                                                  • Instruction Fuzzy Hash: A0311EB1E04219ABDB10CF9EC844EAEFBFDAF95714F11856AE950BB250D7704E008BA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D803880, Relevance: 7.6, APIs: 5, Instructions: 97memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TpSetWaitEx.BCCB(000000FF,?,00000000,00000000), ref: 6D8038B7
                                                                                    • Part of subcall function 6D82ECE0: RtlAcquireSRWLockExclusive.BCCB(?,00000000,00000000), ref: 6D82ED2C
                                                                                    • Part of subcall function 6D82ECE0: RtlReleaseSRWLockExclusive.BCCB(?,00000000,00000000,?,00000000,00000000), ref: 6D82ED90
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,00001030,00000000,?,00000000,00000000,00000000,00001030,000000FF,?,00000000,00000000), ref: 6D8038D1
                                                                                  • ZwGetCompleteWnfStateSubscription.BCCB(00000000,?,00000000,00000000,00000000,00001030,000000FF,?,00000000,00000000), ref: 6D8038F0
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,?,?,00000000,00000000,00001030,?,00000000,00000000,00000000,00001030,000000FF,?), ref: 6D803914
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveHeapLock$AcquireAllocateCompleteFreeReleaseStateSubscriptionWait
                                                                                  • String ID:
                                                                                  • API String ID: 2233382-0
                                                                                  • Opcode ID: d2ffb89c1617473f1710d048641b06348303ea9df0722b41862e931c2130b689
                                                                                  • Instruction ID: feea95607683b6137975fa3f4e467f3ddb667a079cd3ba2eb15125da1069040a
                                                                                  • Opcode Fuzzy Hash: d2ffb89c1617473f1710d048641b06348303ea9df0722b41862e931c2130b689
                                                                                  • Instruction Fuzzy Hash: ED319032E55219BFD721CFAACC48EAEB7B8EB09750F018965F914E7250D7709E408BD0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D80A7B0, Relevance: 7.6, APIs: 5, Instructions: 81nativethreadCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwOpenProcessTokenEx.BCCB(000000FF,00000002,00000200,?,?,00000000,00800000), ref: 6D80A813
                                                                                  • ZwDuplicateToken.BCCB(?,?,00000018,00000000,00000002,?,000000FF,00000002,00000200,?,?,00000000,00800000), ref: 6D80A831
                                                                                  • ZwSetInformationThread.BCCB(000000FE,00000005,?,00000004,?,?,00000018,00000000,00000002,?,000000FF,00000002,00000200,?,?,00000000), ref: 6D80A846
                                                                                  • ZwClose.BCCB(?,000000FE,00000005,?,00000004,?,?,00000018,00000000,00000002,?,000000FF,00000002,00000200,?), ref: 6D80A858
                                                                                  • ZwClose.BCCB(?,?,?,00000018,00000000,00000002,?,000000FF,00000002,00000200,?,?,00000000,00800000), ref: 6D80A860
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CloseToken$DuplicateInformationOpenProcessThread
                                                                                  • String ID:
                                                                                  • API String ID: 3308950446-0
                                                                                  • Opcode ID: 262528a77b0b51a5395ffaba55c6f3b3af10f1c52a1f5575ffe4876a7728e0a5
                                                                                  • Instruction ID: c4bd5e9bd86c7dcdfcccb31d2b0c40fa0e3b46f835a16634441444d911e82b88
                                                                                  • Opcode Fuzzy Hash: 262528a77b0b51a5395ffaba55c6f3b3af10f1c52a1f5575ffe4876a7728e0a5
                                                                                  • Instruction Fuzzy Hash: 61218871D0421DABDB11DFA9CC45EEFB7B8EF44724F118529EA10B7250E7309901C790
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D804A20, Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6D804A2A
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?), ref: 6D804AB3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentFreeHeapServiceSession
                                                                                  • String ID:
                                                                                  • API String ID: 1159841122-0
                                                                                  • Opcode ID: c89a31c05ea0259e21a621fbcd72cc8b1b6f1aaf6a0f343e5190679cc531b8da
                                                                                  • Instruction ID: 81678710754f7b4ae75feecef23200f03f1732156ae90f8c6690f4cb704c9fa7
                                                                                  • Opcode Fuzzy Hash: c89a31c05ea0259e21a621fbcd72cc8b1b6f1aaf6a0f343e5190679cc531b8da
                                                                                  • Instruction Fuzzy Hash: DB214971298646DFC7219A2EDC0CB1737B5BB9A3B5F114E18F055865E0EB30A841CB9A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8128AE, Relevance: 7.6, APIs: 5, Instructions: 73COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(00000000,?,6D8F84D8,6D810924,6D8F84D8,?,6D8F84D8,?,00000000,?,?,?,6D81087C,?,?,?), ref: 6D8128B3
                                                                                  • RtlEnterCriticalSection.BCCB(6D8F5350), ref: 6D8128DA
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(6D8F5350), ref: 6D8128E1
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6D8676AF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentServiceSession$CriticalEnterSection
                                                                                  • String ID:
                                                                                  • API String ID: 1555030633-0
                                                                                  • Opcode ID: bbddb8401c7067546feae103c954bcd842ce5c89fef003ccfbc9928e9011feb4
                                                                                  • Instruction ID: fba2d062edb7a6375e885a8ca04010a375cba8736fd4974568de7bcb5d338ec7
                                                                                  • Opcode Fuzzy Hash: bbddb8401c7067546feae103c954bcd842ce5c89fef003ccfbc9928e9011feb4
                                                                                  • Instruction Fuzzy Hash: 7521AA71A4D6C39BE322576D8C4DB343794AB42778F250F61FA309BEE1D76C94448260
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8D3E22, Relevance: 7.6, APIs: 5, Instructions: 62nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwTraceControl.BCCB(0000001A,6D8F5338,00000008,00000000,00000000,?,6D8F5338,00000000,6D8F5320,6D8F5320,6D8F5338,?,6D8F84E0,?,00000001,6D7E5C80), ref: 6D8D3E5D
                                                                                  • RtlNtStatusToDosError.BCCB(00000000,0000001A,6D8F5338,00000008,00000000,00000000,?,6D8F5338,00000000,6D8F5320,6D8F5320,6D8F5338,?,6D8F84E0,?,00000001), ref: 6D8D3E6B
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F8504,00000000,0000001A,6D8F5338,00000008,00000000,00000000,?,6D8F5338,00000000,6D8F5320,6D8F5320,6D8F5338,?,6D8F84E0), ref: 6D8D3E7A
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F8504,6D8F8504,00000000,0000001A,6D8F5338,00000008,00000000,00000000,?,6D8F5338,00000000,6D8F5320,6D8F5320,6D8F5338,?,6D8F84E0), ref: 6D8D3EA1
                                                                                  • RtlSetLastWin32Error.BCCB(00000006,6D8F5338,00000000,6D8F5320,6D8F5320,6D8F5338,?,6D8F84E0,?,00000001,6D7E5C80,6D80591B), ref: 6D8D3EAC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ErrorExclusiveLock$AcquireControlLastReleaseStatusTraceWin32
                                                                                  • String ID:
                                                                                  • API String ID: 1422652320-0
                                                                                  • Opcode ID: 4432acbf776db7bb468a2331a5d17acb80e0beae40a0a36093045e08c78704bc
                                                                                  • Instruction ID: b48be2318db823edd17655123b6623671f26527d5a857f8ae7b5644f6c20ed2e
                                                                                  • Opcode Fuzzy Hash: 4432acbf776db7bb468a2331a5d17acb80e0beae40a0a36093045e08c78704bc
                                                                                  • Instruction Fuzzy Hash: 1811E772604219BACB509F5EC888BAB7BB8EF89B50F414965FD049B1C1DB34DD458BF0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D883971, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 75nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwOpenKeyEx.BCCB(00000000,00020019,?,00000000,?,00000000), ref: 6D883A81
                                                                                  Strings
                                                                                  • @, xrefs: 6D883A6B
                                                                                  • \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\AppModel\StateChange, xrefs: 6D883990
                                                                                  • \Registry\Machine\Software\Microsoft\Windows\CurrentVersion\AppModel\StateChange\PackageList\%ws, xrefs: 6D8839AC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Open
                                                                                  • String ID: @$\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\AppModel\StateChange$\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\AppModel\StateChange\PackageList\%ws
                                                                                  • API String ID: 71445658-842945461
                                                                                  • Opcode ID: 2333b6f9cf8dd8285440190fd9ee1c90d051e1efcdc095496ddc0f05b6578305
                                                                                  • Instruction ID: 65243185825ba4549dca33f83f4b36fb82224591766a25e8c13a801a8abe10c6
                                                                                  • Opcode Fuzzy Hash: 2333b6f9cf8dd8285440190fd9ee1c90d051e1efcdc095496ddc0f05b6578305
                                                                                  • Instruction Fuzzy Hash: 01314D75A0122CAADB20DF54DC8CBDEBBB8AF08314F0001DA9509E7201DB349F858F84
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D89176C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwOpenEvent.BCCB(00000568,00100001,?,?,00000000), ref: 6D8917B5
                                                                                  • ZwWaitForSingleObject.BCCB(00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6D8917E1
                                                                                  • ZwClose.BCCB(00000568,00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6D8917EB
                                                                                  Strings
                                                                                  • \KernelObjects\SystemErrorPortReady, xrefs: 6D89178B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CloseEventObjectOpenSingleWait
                                                                                  • String ID: \KernelObjects\SystemErrorPortReady
                                                                                  • API String ID: 2739627308-2278496901
                                                                                  • Opcode ID: 639bd243a4de52be999a3269f77d43a6e1f8fab59c8f6767ec192d59b86ee924
                                                                                  • Instruction ID: 971b4f9ab3c49bbf93a0313240171ad47049620fdf266262160484a8c747a587
                                                                                  • Opcode Fuzzy Hash: 639bd243a4de52be999a3269f77d43a6e1f8fab59c8f6767ec192d59b86ee924
                                                                                  • Instruction Fuzzy Hash: D6117075D1021CAACB10DFA99945AEEFBB8EF89210F11426BE954F7290E7704A04CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D80429E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51librarynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlInitUnicodeString.BCCB(?,\DllNXOptions,?,?,00000000), ref: 6D8042C7
                                                                                    • Part of subcall function 6D840F48: ZwOpenKey.BCCB(?,?,00000018), ref: 6D841015
                                                                                  • ZwClose.BCCB(?,?,?,?,\DllNXOptions,?,?,00000000), ref: 6D86068E
                                                                                  • LdrQueryImageFileKeyOption.BCCB(?,?,00000004,?,00000004,?,?,?,00000000), ref: 6D8606A6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CloseFileImageInitOpenOptionQueryStringUnicode
                                                                                  • String ID: \DllNXOptions
                                                                                  • API String ID: 166309601-742623237
                                                                                  • Opcode ID: aeb32c21aa838fd5b53e0c3494f95fbcb8d4b641ea872c435407f9b886e7a9ae
                                                                                  • Instruction ID: 0728e9e4490e9b6438c5431d749d3c4a68426090ead84e0cf2d13055f8a0ef3a
                                                                                  • Opcode Fuzzy Hash: aeb32c21aa838fd5b53e0c3494f95fbcb8d4b641ea872c435407f9b886e7a9ae
                                                                                  • Instruction Fuzzy Hash: 9801D476A0021DBACB119A9A9D08E9F777CEF89368F1144A5AB08AB140D7309E0186E4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D818800, Relevance: 6.2, APIs: 4, Instructions: 179COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • memcmp.BCCB(6D8F84DC,6D7E1184,00000010,-00000054,?,00000000,00000001,?,6D8F52D8), ref: 6D8188A8
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F86CC,-00000054,?,00000000,00000001,?,6D8F52D8), ref: 6D818901
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F86CC,6D8F86CC,-00000054,?,00000000,00000001,?,6D8F52D8), ref: 6D818933
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F86CC,-00000054,?,00000000,00000001,?,6D8F52D8), ref: 6D869C65
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Acquire$Releasememcmp
                                                                                  • String ID:
                                                                                  • API String ID: 2792186644-0
                                                                                  • Opcode ID: a153a87a747468e32c8bc1378f556180e637ac7718c6f18db1bd177ac42ddfe9
                                                                                  • Instruction ID: 5679c5789fc0f6fec29671d2e5c0b8a5cc8eb0716e5e92ce58d5a6ebbdc8ee72
                                                                                  • Opcode Fuzzy Hash: a153a87a747468e32c8bc1378f556180e637ac7718c6f18db1bd177ac42ddfe9
                                                                                  • Instruction Fuzzy Hash: 5151D87190820BEFDF08DF59C8CAABE77B5FF45314F518869E905AB140D730AA49CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D801AA0, Relevance: 6.1, APIs: 4, Instructions: 123memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlReAllocateHeap.BCCB(?,00000008,00000000,?,00000000,?,?,00000000,C0000017), ref: 6D801B1E
                                                                                  • ZwAllocateVirtualMemory.BCCB(000000FF,?,00000000,?,00002000,00000004,00000000,?,?,00000000,C0000017,?,?,6D8016E0), ref: 6D801B83
                                                                                  • ZwAllocateVirtualMemory.BCCB(000000FF,6D8016E0,00000000,C0000017,00001000,00000004,00000000,?,?,00000000,C0000017,?,?,6D8016E0), ref: 6D801BBD
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,?,00000000,?,?,00000000,C0000017), ref: 6D801BD8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Allocate$HeapMemoryVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 1343662020-0
                                                                                  • Opcode ID: ff884249f956a76cbe8466050f7d8afdfb7191b031ec1569717d03b17d0e24ed
                                                                                  • Instruction ID: e206436268ed477d62a2295c01812a6d09744c5a9960af043a9db480522a836c
                                                                                  • Opcode Fuzzy Hash: ff884249f956a76cbe8466050f7d8afdfb7191b031ec1569717d03b17d0e24ed
                                                                                  • Instruction Fuzzy Hash: C0419F71A04609EFDB24CF99C994AAAB7F8FF09324B21896DE556D7250E330EA44CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D80F018, Relevance: 6.1, APIs: 4, Instructions: 95memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,?,00000000,?,00000001), ref: 6D80F05B
                                                                                  • ZwQueryValueKey.BCCB(?,?,00000002,00000000,?,00000000,?,00000008,?,00000000,?,00000001), ref: 6D80F07A
                                                                                  • memcpy.BCCB(00000000,0000000C,?,?,?,00000002,00000000,?,00000000,?,00000008,?,00000000,?,00000001), ref: 6D80F0AB
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,?,00000002,00000000,?,00000000,?,00000008,?,00000000,?,00000001), ref: 6D80F0CB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$AllocateFreeQueryValuememcpy
                                                                                  • String ID:
                                                                                  • API String ID: 125101864-0
                                                                                  • Opcode ID: f6b9efe4b52a4856d400988c6c8340c43cb80f0ce6ef2e524c0764acaf3af869
                                                                                  • Instruction ID: 1fdea90a2fc709d20bf9ab9028b8919a3c2df62b073f724b02661bc741c6613e
                                                                                  • Opcode Fuzzy Hash: f6b9efe4b52a4856d400988c6c8340c43cb80f0ce6ef2e524c0764acaf3af869
                                                                                  • Instruction Fuzzy Hash: 2E31DF32A00609AFEB11CE48CD88B7A73B9EBA5724F21C869FD149B201C374DD40CFA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D831DB5, Relevance: 6.1, APIs: 4, Instructions: 87COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlQueryInformationActivationContext.BCCB(-40000003,?,00000000,00000006,00000000,00000000,00000000,00000000,?,?,?,00000040,-00000054,00000000), ref: 6D831DF7
                                                                                  • RtlQueryInformationActivationContext.BCCB(-40000003,-00000054,00000000,00000006,00000000,00000000,00000000,-40000003,?,00000000,00000006,00000000,00000000,00000000,00000000,?), ref: 6D831E36
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ActivationContextInformationQuery
                                                                                  • String ID:
                                                                                  • API String ID: 2130846384-0
                                                                                  • Opcode ID: 39ad629a20701d3ed16c14f322ca06b3d590f6998de82038df02d262996ece3b
                                                                                  • Instruction ID: 2ab0c232ea33951bfcb3bbf4180f35833b797c0f5e9d257d60bd0bfda9a549da
                                                                                  • Opcode Fuzzy Hash: 39ad629a20701d3ed16c14f322ca06b3d590f6998de82038df02d262996ece3b
                                                                                  • Instruction Fuzzy Hash: 67217F71640229EFD711CF9ACC88EABBBB9FF85B44F124855F90897210D635AE41CBE0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8318B9, Relevance: 6.1, APIs: 4, Instructions: 75nativetimeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwCreateTimer2.BCCB(00000058,00000000,00000000,00000008,00100002,00000040,00000000,00000000), ref: 6D8318E6
                                                                                  • ZwCreateWaitCompletionPacket.BCCB(0000005C,00000001,00000000,00000058,00000000,00000000,00000008,00100002,00000040,00000000,00000000), ref: 6D8318F6
                                                                                  • ZwAssociateWaitCompletionPacket.BCCB(?,00000000,00000058,00000060,?,00000000,?,?,0000005C,00000001,00000000,00000058,00000000,00000000,00000008,00100002), ref: 6D831926
                                                                                  • ZwClose.BCCB(00000058,0000005C,00000001,00000000,00000058,00000000,00000000,00000008,00100002,00000040,00000000,00000000), ref: 6D875690
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CompletionCreatePacketWait$AssociateCloseTimer2
                                                                                  • String ID:
                                                                                  • API String ID: 56835937-0
                                                                                  • Opcode ID: bf1ccb1c00ae1d0a4058c61d70d066f778e8241c550a5d22c857557e350037fa
                                                                                  • Instruction ID: 0db243dba21cf4a4a91e16ec241bb185eecbfc1109c6f2a0f3f4f79214d321d0
                                                                                  • Opcode Fuzzy Hash: bf1ccb1c00ae1d0a4058c61d70d066f778e8241c550a5d22c857557e350037fa
                                                                                  • Instruction Fuzzy Hash: F72174B1500209BFD711CF99C8C4EAABBB8FF48348F51856EE64497241D771E966CFA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D833B7A, Relevance: 6.1, APIs: 4, Instructions: 75memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6D833BB0
                                                                                  • ZwQuerySystemInformationEx.BCCB(0000006B,00000001,00000004,00000000,?,?,?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6D833BCF
                                                                                  • memset.BCCB(6D8743AB,00000000,?,0000006B,00000001,00000004,00000000,?,?,?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6D833BEA
                                                                                  • RtlFreeHeap.BCCB(?,?,00000000,0000006B,00000001,00000004,00000000,?,?,?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6D833C30
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$AllocateFreeInformationQuerySystemmemset
                                                                                  • String ID:
                                                                                  • API String ID: 21860560-0
                                                                                  • Opcode ID: 5f061c67704037dcdb175fd36fd1371d3b51a782f9df352385f9b6fd3ee8a5f3
                                                                                  • Instruction ID: b66a7ef43739b4cc0dcd18bc53ea7b1a9b1a0a8571a2717624a3011ea2a033cb
                                                                                  • Opcode Fuzzy Hash: 5f061c67704037dcdb175fd36fd1371d3b51a782f9df352385f9b6fd3ee8a5f3
                                                                                  • Instruction Fuzzy Hash: FA218EB2A00118AFDB01CF98CD85F5AB7BDFB49748F160868EA08EB251D771AD41CBD0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D804DC0, Relevance: 6.1, APIs: 4, Instructions: 73nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlWakeAddressAllNoFence.BCCB(00000000), ref: 6D804DE8
                                                                                  • RtlRaiseStatus.BCCB(00000000,?,?,?,6D81EBD0,?,?,?,?,00000000,?,6D801E03,?,6D801D6E,?), ref: 6D804E04
                                                                                  • ZwAlpcQueryInformation.BCCB(?,0000000B,FFFFFFFE,00000004,00000000,00000000,000000FF,?,?,00000000,?,?,?,6D81EBD0,?,?), ref: 6D860B73
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AddressAlpcFenceInformationQueryRaiseStatusWake
                                                                                  • String ID:
                                                                                  • API String ID: 3812654406-0
                                                                                  • Opcode ID: 5d5570f8a10cb7a806a67cbbe6a9f52131e3c8302fa82ec5a631861a7e33764d
                                                                                  • Instruction ID: 6983e3cb975ce7f0fbf95ad93372487cf30888e54a4bfab947b5a8a1dba7fe67
                                                                                  • Opcode Fuzzy Hash: 5d5570f8a10cb7a806a67cbbe6a9f52131e3c8302fa82ec5a631861a7e33764d
                                                                                  • Instruction Fuzzy Hash: 26112731654309ABEB25DA7DCC49FAB739CDF99324F02481AAB15C7180EBB0E90082D4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D843EE4, Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,00000028,?,?,6D8146F9,00000000,00000000,00000001), ref: 6D843F07
                                                                                  • RtlGetLocaleFileMappingAddress.BCCB(00000001,6D8F65D4,6D8146F9,?,00000008,00000028,?,?,6D8146F9,00000000,00000000,00000001), ref: 6D843F23
                                                                                    • Part of subcall function 6D843FA0: ZwInitializeNlsFiles.BCCB(00000028,00000008,?,?,?,00000000,?,6D843F28,00000001,6D8F65D4,6D8146F9,?,00000008,00000028,?), ref: 6D843FCD
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000001,6D8F65D4,6D8146F9,?,00000008,00000028,?,?,6D8146F9,00000000,00000000,00000001), ref: 6D87E7D3
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000001,6D8F65D4,6D8146F9,?,00000008,00000028,?,?,6D8146F9,00000000,00000000,00000001), ref: 6D87E7EB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$Free$AddressAllocateFileFilesInitializeLocaleMapping
                                                                                  • String ID:
                                                                                  • API String ID: 1831200515-0
                                                                                  • Opcode ID: e4136e32dedcf815c0f4688414ceb2c43155ff02a7c01cb78e749abe3a8514f2
                                                                                  • Instruction ID: ab66f0d5f6b78b904368521c82b7f8d49eac6b9b767b855f35b3946cd7d80f77
                                                                                  • Opcode Fuzzy Hash: e4136e32dedcf815c0f4688414ceb2c43155ff02a7c01cb78e749abe3a8514f2
                                                                                  • Instruction Fuzzy Hash: 4B21EA79640A059FC725DF2DC808B56B3F4FF08708F1088A8A908CBB21E730EC42CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D898372, Relevance: 6.1, APIs: 4, Instructions: 72nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwClose.BCCB(00000000,?,00000000,00000000), ref: 6D89839C
                                                                                  • RtlStringFromGUIDEx.BCCB(?,?,00000001,?,00000000,00000000), ref: 6D8983B9
                                                                                  • ZwCreateKey.BCCB(?,?,00000018,00000000,00000000,00000000,00000001,?,?,00000001,?,00000000,00000000), ref: 6D8983F5
                                                                                  • RtlFreeUnicodeString.BCCB(?,?,?,00000018,00000000,00000000,00000000,00000001,?,?,00000001,?,00000000,00000000), ref: 6D898400
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: String$CloseCreateFreeFromUnicode
                                                                                  • String ID:
                                                                                  • API String ID: 4294597832-0
                                                                                  • Opcode ID: c2a2b0699812ea52f8a7902b5fd09328d5ce51c962579a83adbc18f6b8953903
                                                                                  • Instruction ID: 4a61431cd12e7df915d8efe0093a4f5371d114513e80f9b7d24125bd9126ccd3
                                                                                  • Opcode Fuzzy Hash: c2a2b0699812ea52f8a7902b5fd09328d5ce51c962579a83adbc18f6b8953903
                                                                                  • Instruction Fuzzy Hash: 6E212FB1D0021EABDB14CFA8C889DEFB7B8EF08714F11452AE910E7200EB709D048BE0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D80519E, Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 6D8052A5: RtlEnterCriticalSection.BCCB(6D8F79A0,?,00000000,?), ref: 6D8052BF
                                                                                    • Part of subcall function 6D8052A5: RtlLeaveCriticalSection.BCCB(6D8F79A0,6D8F79A0,?,00000000,?), ref: 6D8052DD
                                                                                  • RtlEqualUnicodeString.BCCB(?,?,00000001,?,?,?), ref: 6D860CCB
                                                                                  • RtlLeaveCriticalSection.BCCB(6D8F79A0,?,?,?), ref: 6D860CE4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$Leave$EnterEqualStringUnicode
                                                                                  • String ID:
                                                                                  • API String ID: 4283003422-0
                                                                                  • Opcode ID: 839a2088e39867c7636f9d692d9c0b4faf06d139668e49e13e12ac914a4a8235
                                                                                  • Instruction ID: 0bfb43b2a1028310d39dce90edfb1e90310820ccbf130dd90edaf8214ecdb97b
                                                                                  • Opcode Fuzzy Hash: 839a2088e39867c7636f9d692d9c0b4faf06d139668e49e13e12ac914a4a8235
                                                                                  • Instruction Fuzzy Hash: 1E113634945306ABCB209F6DC858ABABBE5FF16720F110DAAF845936C0D731C941C7A0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D80A745, Relevance: 6.1, APIs: 4, Instructions: 55memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,00000000,?,6D83DFD8,00000000,?,?,?,?,?,6D803DAD,?,00000000,6D8DF4D0,00000084), ref: 6D80A757
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,00000000,?,6D83DFD8,00000000,?,?,?,?,?,6D803DAD,?,00000000,6D8DF4D0), ref: 6D80A774
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,00000000,?,6D83DFD8,00000000,?,?,?,?,?,6D803DAD,?,00000000,6D8DF4D0), ref: 6D86442E
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,?,?,00000000,?,6D83DFD8,00000000,?,?,?,?,?,6D803DAD), ref: 6D86443F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$AcquireFreeHeap
                                                                                  • String ID:
                                                                                  • API String ID: 2563869513-0
                                                                                  • Opcode ID: d14c157ac03f9bdf92950cb1277edd03b5a6faaaccfb2289038fd7eb51ef4817
                                                                                  • Instruction ID: de928e90b94d3d79f0d2f516177d4d209dbd61bf73cde39b7bd086663ccd81c9
                                                                                  • Opcode Fuzzy Hash: d14c157ac03f9bdf92950cb1277edd03b5a6faaaccfb2289038fd7eb51ef4817
                                                                                  • Instruction Fuzzy Hash: 9D01D67224A105DBC310DB2DEC09F29B778EB4A338B058A6AE508CB251CB75D841C7D0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D833B5A, Relevance: 6.1, APIs: 4, Instructions: 51memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlFreeHeap.BCCB(?,?,?,6D833AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6D876208
                                                                                  • RtlFreeHeap.BCCB(?,?,?,6D833AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6D87622C
                                                                                  • RtlFreeHeap.BCCB(?,?,?,6D833AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6D876250
                                                                                  • RtlFreeHeap.BCCB(?,?,00000000,6D833AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6D87626D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: FreeHeap
                                                                                  • String ID:
                                                                                  • API String ID: 3298025750-0
                                                                                  • Opcode ID: c421362fb9132a68cee07df4ff2bb60837d8e15ef1ad5465117a315739c93ea7
                                                                                  • Instruction ID: f3b85455c0162dc3b01886b9d386b58b35bcaac633ae164e8036e61a0d109a21
                                                                                  • Opcode Fuzzy Hash: c421362fb9132a68cee07df4ff2bb60837d8e15ef1ad5465117a315739c93ea7
                                                                                  • Instruction Fuzzy Hash: 2F112576A115549FCB69DB49CE49F6E73B9FB18704F160868E805A7762C328EC00CBD4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D82E090, Relevance: 6.0, APIs: 4, Instructions: 38nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlWow64EnableFsRedirectionEx.BCCB(6D8DFE18,6D8DFE18,6D82DFDF,?), ref: 6D82E0A6
                                                                                  • RtlEnterCriticalSection.BCCB(6D8F7B60,6D82DFDF,?), ref: 6D82E0B7
                                                                                  • RtlLeaveCriticalSection.BCCB(6D8F7B60,6D8F7B60,6D82DFDF,?), ref: 6D82E0DC
                                                                                  • ZwSetEvent.BCCB(00000000,6D8F7B60,6D8F7B60,6D82DFDF,?), ref: 6D82E0EF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnableEnterEventLeaveRedirectionWow64
                                                                                  • String ID:
                                                                                  • API String ID: 355146318-0
                                                                                  • Opcode ID: d99aa107150ee135e00f14ea1d731b482c88e222f348cc7bd6797bc96a199ce8
                                                                                  • Instruction ID: 4093e5a31c60ede1b27b468b036dac419ce14bf75e30cb7c9efdd2ea5fdcecb1
                                                                                  • Opcode Fuzzy Hash: d99aa107150ee135e00f14ea1d731b482c88e222f348cc7bd6797bc96a199ce8
                                                                                  • Instruction Fuzzy Hash: 4A018170C08149AEFF13DA788C5CFAE7A75BB0B358F564865E100A2650C3355DD6C7EA
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8AEB8A, Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 599timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,?,?,6D8C2783,00000001,?,00000000,?,?,?,?,6D85FC15), ref: 6D8AEBB6
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,?,?,6D8C2783,00000001), ref: 6D8AF23E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentDebugPrintServiceSessionTimes
                                                                                  • String ID: @
                                                                                  • API String ID: 358024996-2766056989
                                                                                  • Opcode ID: b0926905d67a2b7014fd0081014aaf4e56b3a754406ed6e7acf4ddc847133781
                                                                                  • Instruction ID: 59890c90aefdb0b98fc4b6a82558094f1e1ef5cca30642df52a5d820397b40f2
                                                                                  • Opcode Fuzzy Hash: b0926905d67a2b7014fd0081014aaf4e56b3a754406ed6e7acf4ddc847133781
                                                                                  • Instruction Fuzzy Hash: 2532BD703246669BE716CF29C098772B7E1FF45304F088C9AF895CB285E735E856CBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D840E21, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,00000618,?,?), ref: 6D840EDA
                                                                                  • RtlRaiseException.BCCB ref: 6D87CC58
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AllocateExceptionHeapRaise
                                                                                  • String ID: Flst
                                                                                  • API String ID: 3789339297-2374792617
                                                                                  • Opcode ID: 12c60c314fa976b46b8368c3f7aa159f92884066cce4c499849038fd77fd9aa5
                                                                                  • Instruction ID: 43c739ac7222572bbc4d5661a9289bdaff86bc4e7e07561982aa0a71dcef4d9f
                                                                                  • Opcode Fuzzy Hash: 12c60c314fa976b46b8368c3f7aa159f92884066cce4c499849038fd77fd9aa5
                                                                                  • Instruction Fuzzy Hash: F741A9B060930A9FC315CF19C188A2BFBE4FF99B10F10896EE559CB281D731D881CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D802240, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99memorytimeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,00000034,?,?,?,?,?,?,?,?,?,6D8DF350,0000004C), ref: 6D8022AC
                                                                                  • TpAllocTimer.BCCB(00000020,6D8D9440,00000000,00000003,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 6D80235A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AllocAllocateHeapTimer
                                                                                  • String ID: (
                                                                                  • API String ID: 2926205940-3887548279
                                                                                  • Opcode ID: ce4daa527e33a9c0e981a6a4164543a48b9d1a38479f8f1e77e58fda7cfe6629
                                                                                  • Instruction ID: 617f39e3db8b9055334bce2f50fc19ee4b3525666fb231a64e9a056981031e2e
                                                                                  • Opcode Fuzzy Hash: ce4daa527e33a9c0e981a6a4164543a48b9d1a38479f8f1e77e58fda7cfe6629
                                                                                  • Instruction Fuzzy Hash: 854135B0D14259DFCB11CF98C884B8DBBB8BF0CB14F114A1AE944AB641C7B89991CF94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8066D4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlInitUnicodeString.BCCB(?,UBR,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6D8066F5
                                                                                  • ZwQueryValueKey.BCCB(?,?,00000002,?,00000014,?,?,UBR,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6D80670B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitQueryStringUnicodeValue
                                                                                  • String ID: UBR
                                                                                  • API String ID: 3766860702-3525060630
                                                                                  • Opcode ID: 245f4db317e1f39ecc91a66b9493227644936f80ee187facd4e2be64c76a324c
                                                                                  • Instruction ID: ad9e38a1f6335dac62358bfbed2622ed46ac4ac336b7b4932f95950bc4bcb48e
                                                                                  • Opcode Fuzzy Hash: 245f4db317e1f39ecc91a66b9493227644936f80ee187facd4e2be64c76a324c
                                                                                  • Instruction Fuzzy Hash: 5A012C71A0410EAFDB00CE99D949AFFB3BCEB49725F114966EA01E7100E730AE4587A2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8B8DF1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrintEx.BCCB(00000065,00000000,Critical error detected %lx,?,6D8E0D50,00000074,6D8C20A2,?,?,6D8BFFAF,00000001,00000020,6D8F58C0,00000000), ref: 6D8B8E2A
                                                                                  • RtlRaiseException.BCCB(?), ref: 6D8B8E74
                                                                                  Strings
                                                                                  • Critical error detected %lx, xrefs: 6D8B8E21
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExceptionPrintRaise
                                                                                  • String ID: Critical error detected %lx
                                                                                  • API String ID: 1813208005-802127002
                                                                                  • Opcode ID: 9927869c782fe49447b93da0bb7f18e7104d35203f7e085cf5c5b29371733670
                                                                                  • Instruction ID: cbbf350ae6ddd8f914d9c21ed9a36083ce0201de220c1cee5327551a22362dac
                                                                                  • Opcode Fuzzy Hash: 9927869c782fe49447b93da0bb7f18e7104d35203f7e085cf5c5b29371733670
                                                                                  • Instruction Fuzzy Hash: 10115B71D5934ADADF19CFA885097ACBBB0BB45314F244A5DE5686B382C3344612CF15
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8CE2C5, Relevance: 4.7, APIs: 3, Instructions: 202COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • _aullshr.BCCB(-00000044,?,?,00000000,00000000,?,00000001,00000000,00000000,00000000,?,?,6D8C2783,00000001), ref: 6D8CE325
                                                                                  • RtlAcquireSRWLockShared.BCCB(0000000C,-00000044,?,?,00000000,00000000,?,00000001,00000000,00000000), ref: 6D8CE45E
                                                                                  • RtlReleaseSRWLockShared.BCCB(0000000C,0000000C,-00000044,?,?,00000000,00000000,?,00000001,00000000,00000000), ref: 6D8CE48D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: LockShared$AcquireRelease_aullshr
                                                                                  • String ID:
                                                                                  • API String ID: 815091738-0
                                                                                  • Opcode ID: d25a8f116f4fbc443dda2ea9c4f465cb22176a0d0be3b423ac6d1528a29d1c4b
                                                                                  • Instruction ID: fecf46a168c64a2ade45e325f12b1503d50b5c6131f1c32be71e55e7d91ce92a
                                                                                  • Opcode Fuzzy Hash: d25a8f116f4fbc443dda2ea9c4f465cb22176a0d0be3b423ac6d1528a29d1c4b
                                                                                  • Instruction Fuzzy Hash: 1B61C471A0451ACBCB15CFB8C8855ADB7F6FB883247248B6AE425E77C0D734E942CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D83E730, Relevance: 4.6, APIs: 3, Instructions: 89memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwQueryInformationProcess.BCCB(000000FF,00000024,FFFFFFFE,00000004,00000000,?,?,6D89FF7D,6D8E09B0,00000014,6D81EBD8,?,?,?,00000000), ref: 6D83E742
                                                                                  • RtlRaiseStatus.BCCB(00000000,000000FF,00000024,FFFFFFFE,00000004,00000000,?,?,6D89FF7D,6D8E09B0,00000014,6D81EBD8,?,?,?,00000000), ref: 6D83E765
                                                                                  • RtlAllocateHeap.BCCB(?,?,?,?,FFFFFFFE,?,?,00000000,000000FF,00000024,FFFFFFFE,00000004,00000000,?,?,6D89FF7D), ref: 6D83E7A3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AllocateHeapInformationProcessQueryRaiseStatus
                                                                                  • String ID:
                                                                                  • API String ID: 1560743067-0
                                                                                  • Opcode ID: 03244bfccc4519547c9ef5773273cb3609a732bcf579785d79b698bddc0234de
                                                                                  • Instruction ID: ba4d0a10aff773cc1d7ffd90cb2ad8647e0815e9ab2ac8cec4fa77cae8844139
                                                                                  • Opcode Fuzzy Hash: 03244bfccc4519547c9ef5773273cb3609a732bcf579785d79b698bddc0234de
                                                                                  • Instruction Fuzzy Hash: 15318CB5A14249AFE745CF58C844B8AB7E4FB09314F158A5AF918CB341D631EC80CBE0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D826E30, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 481COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • memset.BCCB(01000000,00000000,?,?,00000024,00000000,?), ref: 6D826F17
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memset
                                                                                  • String ID: .
                                                                                  • API String ID: 2221118986-248832578
                                                                                  • Opcode ID: 714b89ba06382b3a762aab3d8585e864c2697bce621cb5e8be0d52075f8eca7a
                                                                                  • Instruction ID: 704ecc18d66eb4d26e49d85a4db988e46449279905fe283bfeae6cdf5b7b6807
                                                                                  • Opcode Fuzzy Hash: 714b89ba06382b3a762aab3d8585e864c2697bce621cb5e8be0d52075f8eca7a
                                                                                  • Instruction Fuzzy Hash: 9002A070D1425ACBCB15CF9AC889AADB7B1FF45710F61882EE815EB290E77098C5CBD1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8335D0, Relevance: 1.7, APIs: 1, Instructions: 209COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlNtStatusToDosError.BCCB ref: 6D8760B6
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ErrorStatus
                                                                                  • String ID:
                                                                                  • API String ID: 1596131371-0
                                                                                  • Opcode ID: 7502486aebd5528ee6b0a8e58adc98cbe7983c9114b94771b327b47e72a65439
                                                                                  • Instruction ID: 5de171c8d8424c9e11b4773e2dcff728c386d34f704dbaca594b01bc4ad70d34
                                                                                  • Opcode Fuzzy Hash: 7502486aebd5528ee6b0a8e58adc98cbe7983c9114b94771b327b47e72a65439
                                                                                  • Instruction Fuzzy Hash: 1E6138306182269FE7658B2AC85DB3AB3E1BB86300F01CD59F5968B2C1E774D841DBE0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8C67E2, Relevance: .5, Instructions: 473COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: aa5710a17891faf7785741613fadcf70a7d00e4e71960ed550cdc935de5b7b73
                                                                                  • Instruction ID: 0007d3e2a026970a331282ee0e45b2b6d6c4a5cfbace41779d05afd9dad03a0e
                                                                                  • Opcode Fuzzy Hash: aa5710a17891faf7785741613fadcf70a7d00e4e71960ed550cdc935de5b7b73
                                                                                  • Instruction Fuzzy Hash: A0021434614646DAD714CF2AC08A371B7F1FF46300B01C9BAE8E5CB2A1D335E856DBA2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D81B090, Relevance: .4, Instructions: 405COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                                                                  • Instruction ID: d69c6bdcb7a0b56a76398f6149ffd60d269cdc7ac351dd2957175212bd33c0ea
                                                                                  • Opcode Fuzzy Hash: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
                                                                                  • Instruction Fuzzy Hash: 42D1F47175C2678BD702CE68CC8866AB7F5AF87724B29CD68EC64CB341E731E8498750
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004024A8, Relevance: .4, Instructions: 372COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.715207835.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: aae5f6f58b48061d855cbb2ca3b0f9cbd2cf1ea38a04fcc98af42383db5ce81f
                                                                                  • Instruction ID: ba0c7ee41d571275f8658478e8bb30fd70880ea594985f14298c40535d71de4b
                                                                                  • Opcode Fuzzy Hash: aae5f6f58b48061d855cbb2ca3b0f9cbd2cf1ea38a04fcc98af42383db5ce81f
                                                                                  • Instruction Fuzzy Hash: B291223A6141105FC72589389E5A6D53720ABA2B11F3C267FE6D1A7EC1C2FDC40B875E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D800D20, Relevance: .4, Instructions: 372COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 10638f51382c9cecffffc2a12396e27b00c714727bbe9d366f3bca482829c128
                                                                                  • Instruction ID: 3e2252691fadacb0ad0338cc4bfbb731ae46a2f266030515ab27143e5693fbc2
                                                                                  • Opcode Fuzzy Hash: 10638f51382c9cecffffc2a12396e27b00c714727bbe9d366f3bca482829c128
                                                                                  • Instruction Fuzzy Hash: 57D1F231E0424E8BDB4ACE9ACC983FDBBB1FB49354F208829E951F7285D7748981CB41
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D838840, Relevance: .3, Instructions: 340COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 25fa1d701f9cefb6730978020afc144c1af5272ab21e7fe31dbec40dfb96f6a2
                                                                                  • Instruction ID: c96987833f353643554f15ccbe6e5f9f9c4aa2a776aff5154e82c27232bdd354
                                                                                  • Opcode Fuzzy Hash: 25fa1d701f9cefb6730978020afc144c1af5272ab21e7fe31dbec40dfb96f6a2
                                                                                  • Instruction Fuzzy Hash: EEB15C32B645258BDB1D8A58C86D37D3673FFD6310F1ACA69D91ACF7D8D63889008392
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D83EBB0, Relevance: .2, Instructions: 250COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                                                                  • Instruction ID: 1e30e91c19dd2e10e559419238e0260cf45ac5516970e1d332a9ba2b49ae81c0
                                                                                  • Opcode Fuzzy Hash: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
                                                                                  • Instruction Fuzzy Hash: 51813D6195826A8BEB234DECC4D82ADBB51FF53340B264F7AE849CB241C125EC46D7D1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D82AB40, Relevance: .2, Instructions: 240COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ba21b8bd2305e84ad76ae5f62a616a02aba6a6b4388c293aca21a4beabce699c
                                                                                  • Instruction ID: 4a0b6b45cfe6e6360ebf2086ad8adaa7292cd9641724c1239c1e027be51f5e91
                                                                                  • Opcode Fuzzy Hash: ba21b8bd2305e84ad76ae5f62a616a02aba6a6b4388c293aca21a4beabce699c
                                                                                  • Instruction Fuzzy Hash: 4081F231A0021A9BDB14CF69C898F7AB7F1FF85311F158A99E9909B381C630EC81CBD0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8BFA2B, Relevance: .2, Instructions: 214COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 78bae131a443f5ce955a08074460d883280e03c871511d8e36c463a84c1e6c3e
                                                                                  • Instruction ID: 698907320509a10822763e32448cfe77cb4f30452d533a81e26b074ca50de408
                                                                                  • Opcode Fuzzy Hash: 78bae131a443f5ce955a08074460d883280e03c871511d8e36c463a84c1e6c3e
                                                                                  • Instruction Fuzzy Hash: 5681907890421AAFDB18CF59C468AB9F7F1FB19304F10C959E950EB381D3369881CF54
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8C1002, Relevance: .2, Instructions: 198COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c68b1db98dc2e4a8bb774436f8c031a5f73be74acf474b6922767b79b2311058
                                                                                  • Instruction ID: 0fcb78fedb397e9ea1b07d484c323d707d6c3061f3d0ee18c4a57d2c95e852ab
                                                                                  • Opcode Fuzzy Hash: c68b1db98dc2e4a8bb774436f8c031a5f73be74acf474b6922767b79b2311058
                                                                                  • Instruction Fuzzy Hash: B8716A38A10766CBDB14CF5AC4D867AB3F1FB49701B608C6EE8928B640D775E950CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8D32A9, Relevance: .1, Instructions: 84COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0d14ea50f9c316ab1a13b059981f60bd6c38f70386254b8c36f4221f12a435f3
                                                                                  • Instruction ID: 7e63808c66b20c399a53aeba6fe340392036f8795bdac8804413766b284bbbb7
                                                                                  • Opcode Fuzzy Hash: 0d14ea50f9c316ab1a13b059981f60bd6c38f70386254b8c36f4221f12a435f3
                                                                                  • Instruction Fuzzy Hash: 8E210532A142064FD798CE2DE988A6673BAFF85701B518D38E910D71D5DB70FC86C790
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D83ABD8, Relevance: .1, Instructions: 70COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d4485f182b052dc28060a204f4b98fffdbd710f7e71cb1a9f571041eb4735c73
                                                                                  • Instruction ID: 63ef129fe2a85a31d6bf0e19ca8511955be0c11c06b67c602528180394d424ff
                                                                                  • Opcode Fuzzy Hash: d4485f182b052dc28060a204f4b98fffdbd710f7e71cb1a9f571041eb4735c73
                                                                                  • Instruction Fuzzy Hash: 13210530214626ABCF18DF6DC488AF2B7E5FB96304F52891AE4D987281D321F806CBD1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D836B90, Relevance: .0, Instructions: 36COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                                                                  • Instruction ID: d117da4ce9426c3e230e0c1426dcab1b3acc0a2704253b91ce9aedac5f2da217
                                                                                  • Opcode Fuzzy Hash: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                                                                  • Instruction Fuzzy Hash: 06F04975A05219DFDB18CE88C699BACB7B5FB44310F2648A8E51ADB700D6799E00DBD0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D808EE6, Relevance: 24.6, APIs: 3, Strings: 11, Instructions: 148COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • SXS: %s() found assembly information section with user data overlapping section header Section header: %p Header Size: %lu User Data Offset: %lu, xrefs: 6D86359D
                                                                                  • SsHd, xrefs: 6D808F1B
                                                                                  • SXS: %s() passed string section at %p with too small of a header HeaderSize: %lu Required: %lu, xrefs: 6D86354D
                                                                                  • SXS: %s() passed string section at %p only %Iu bytes long; that's not even enough for the 4-byte magic and 4-byte header length!, xrefs: 6D8634F1
                                                                                  • SXS: %s() found assembly information section with wrong magic value Expected %lu; got %lu, xrefs: 6D86353D
                                                                                  • SXS: %s() found assembly information section with user data too small Section header: %p UserDataSize: %lu; needed: %lu, xrefs: 6D86355D
                                                                                  • SXS: %s() found assembly information section with element list overlapping section header Section header: %p Header Size: %lu ElementListOffset: %lu, xrefs: 6D863577
                                                                                  • SXS: %s() found assembly information section with search structure overlapping section header Section header: %p Header Size: %lu SearchStructureOffset: %lu, xrefs: 6D86358E
                                                                                  • SXS: %s() passed string section at %p claims %lu byte header size; that doesn't even include the HeaderSize member!, xrefs: 6D8634FF
                                                                                  • RtlpCrackActivationContextStringSectionHeader, xrefs: 6D8634EC, 6D8634FA, 6D863517, 6D863538, 6D863548, 6D863558, 6D863572, 6D863589, 6D863598
                                                                                  • SXS: %s() found assembly information section with user data extending beyond section data Section header: %p UserDataSize: %lu UserDataOffset: %lu Section size: %Iu, xrefs: 6D86351C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlpCrackActivationContextStringSectionHeader$SXS: %s() found assembly information section with element list overlapping section header Section header: %p Header Size: %lu ElementListOffset: %lu$SXS: %s() found assembly information section with search structure overlapping section header Section header: %p Header Size: %lu SearchStructureOffset: %lu$SXS: %s() found assembly information section with user data extending beyond section data Section header: %p UserDataSize: %lu UserDataOffset: %lu Section size: %Iu$SXS: %s() found assembly information section with user data overlapping section header Section header: %p Header Size: %lu User Data Offset: %lu$SXS: %s() found assembly information section with user data too small Section header: %p UserDataSize: %lu; needed: %lu$SXS: %s() found assembly information section with wrong magic value Expected %lu; got %lu$SXS: %s() passed string section at %p claims %lu byte header size; that doesn't even include the HeaderSize member!$SXS: %s() passed string section at %p only %Iu bytes long; that's not even enough for the 4-byte magic and 4-byte header length!$SXS: %s() passed string section at %p with too small of a header HeaderSize: %lu Required: %lu$SsHd
                                                                                  • API String ID: 0-1525761513
                                                                                  • Opcode ID: 2d46ba72e2e0bfb57cdb97945deef276939fe5b25cc3d22c33b54d5579c06521
                                                                                  • Instruction ID: 371b74e1ee47cdb1c8017d056eedac5df569527c4581e654f7b2195667b177b8
                                                                                  • Opcode Fuzzy Hash: 2d46ba72e2e0bfb57cdb97945deef276939fe5b25cc3d22c33b54d5579c06521
                                                                                  • Instruction Fuzzy Hash: 9241A7B1214246BFB7219E19CD8CE3777BEEB95768714895DB404AB302E231EE428772
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8231F0, Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 248COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 65%
                                                                                  			E6D8231F0(void* __ecx, void __edx, void* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				signed int _v12;
				void _v28;
				signed int _v32;
				void _v36;
				int _v40;
				void _v44;
				intOrPtr _v48;
				void _v52;
				intOrPtr* _v56;
				intOrPtr* _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t80;
				void* _t85;
				intOrPtr _t86;
				void* _t90;
				signed int _t91;
				signed int _t95;
				signed int _t96;
				int _t97;
				void* _t99;
				intOrPtr _t100;
				signed int _t106;
				int _t110;
				void _t120;
				void* _t125;
				signed char _t126;
				void* _t127;
				intOrPtr _t128;
				void* _t135;
				void* _t136;
				intOrPtr _t137;
				signed int _t139;
				void* _t140;
				signed int _t152;

				_t132 = __edx;
				_v12 =  *0x6d8fd360 ^ _t139;
				_t135 = __ecx;
				_t136 = 0;
				_v56 = _a8;
				_t110 =  *(__ecx + 0xc);
				_v52 = __edx;
				_v60 = _a12;
				_v40 = _t110;
				if(_t110 < 0x20 ||  *((intOrPtr*)(__ecx + 4)) < 0x20) {
					_push( *((intOrPtr*)(_t135 + 4)));
					_push(_t110);
					_push(_t135);
					_push("SXS/RTL: Activation context data at %p too small; TotalSize = %lu; HeaderSize = %lu\n");
					goto L50;
				} else {
					if(__edx != 0) {
						_t82 =  *((intOrPtr*)(__ecx + 0x14));
						if( *((intOrPtr*)(__ecx + 0x14)) == 0) {
							goto L25;
						} else {
							_t132 = 1;
							_t85 = E6D89444F(_t82, 1, 0x10, _t110);
							_t86 =  *((intOrPtr*)(_t135 + 0x14));
							_push(_t110);
							if(_t85 != 0) {
								_t120 =  *(_t86 + _t135 + 4);
								_t132 = _t120;
								_v44 = _t120;
								_push(0x18);
								_v32 =  *((intOrPtr*)(_t86 + _t135 + 8));
								if(E6D89444F( *((intOrPtr*)(_t86 + _t135 + 8)), _t120) != 0) {
									_t123 = _v32 + _t135;
									_v32 = 0;
									_v48 = _t123;
									if(_v44 <= 0) {
										goto L25;
									} else {
										_t110 = _v52;
										_v36 = _t123;
										while(1) {
											_t90 = E6D84F380(_t110, _t123, 0x10);
											_t140 = _t140 + 0xc;
											_t91 = _v32;
											if(_t90 == 0) {
												break;
											}
											_t106 = _t91 + 1;
											_t123 = _v36 + 0x18;
											_v32 = _t106;
											_v36 = _v36 + 0x18;
											if(_t106 < _v44) {
												continue;
											} else {
												goto L25;
											}
											goto L52;
										}
										_t132 = 1;
										_t110 =  *(_v48 + 0x10 + (_t91 + _t91 * 2) * 8);
										if(E6D89444F(_t110, 1, 0x10,  *(_t135 + 0xc)) != 0) {
											goto L4;
										} else {
											_push(_v40);
											_push(0x10);
											_push(_t110);
											E6D895720(0x33, 0, "SXS/RTL: Extended TOC section TOC %d (offset: %ld, size: %u) is outside activation context data bounds (%lu bytes)\n", _v32);
											goto L51;
										}
									}
								} else {
									_push(_t110);
									_push(0x18);
									_push(_v44);
									E6D895720(0x33, 0, "SXS/RTL: Extended TOC entry array (starting at offset %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)\n", _v32);
									goto L51;
								}
							} else {
								E6D895720(0x33, 0, "SXS/RTL: Extended TOC offset (%ld) is outside bounds of activation context data (%lu bytes)\n", _t86);
								goto L51;
							}
						}
					} else {
						_t110 =  *(__ecx + 0x10);
						if(_t110 == 0) {
							L25:
							return E6D84B640(0xc0150001, _t110, _v12 ^ _t139, _t132, _t135, _t136);
						} else {
							L4:
							_t125 = _t135 + _t110;
							if(_t125 == 0) {
								goto L25;
							} else {
								_t110 =  *(_t125 + 4);
								if(_t110 == 0) {
									goto L25;
								} else {
									_v36 =  *(_t125 + 8);
									_t95 = _t110;
									_t96 = _t95 * 0x10;
									_t152 = _t95 * 0x10 >> 0x20;
									if(_t152 < 0 || _t152 <= 0 && _t96 <= 0xffffffff) {
										_t132 =  *(_t125 + 8);
										_t137 = _t96 + _t132;
										_v48 = _t137;
										_t136 = 0;
										if(_t137 < _t96) {
											goto L47;
										} else {
											_t97 =  *(_t135 + 0xc);
											if(_t132 >= _t97 || _v48 > _t97) {
												goto L48;
											} else {
												_t126 =  *(_t125 + 0xc);
												_t99 = _t132 + _t135;
												if((_t126 & 0x00000002) == 0) {
													_t127 = 0;
													if(_t110 != 0) {
														_t132 = _a4;
														while( *_t99 != _t132) {
															_t127 = _t127 + 1;
															_t99 = _t99 + 0x10;
															if(_t127 < _t110) {
																continue;
															} else {
															}
															goto L17;
														}
														goto L16;
													}
													goto L17;
												} else {
													_t132 =  *_t99;
													_t136 = _a4;
													if(_t136 < _t132) {
														goto L25;
													} else {
														if((_t126 & 0x00000001) != 0) {
															_t136 = _t136 - _t132;
															if(_t136 >= _t110) {
																goto L25;
															} else {
																_t136 = _t99 + (_t136 << 4);
																goto L17;
															}
														} else {
															_v28 = _t136;
															_t99 = bsearch( &_v28, _t99, _t110, 0x10, 0x6d838c30);
															_t140 = _t140 + 0x14;
															L16:
															_t136 = _t99;
															L17:
															if(_t136 == 0) {
																goto L25;
															} else {
																_t100 =  *((intOrPtr*)(_t136 + 4));
																if(_t100 == 0) {
																	goto L25;
																} else {
																	_t128 =  *((intOrPtr*)(_t136 + 8));
																	_t110 =  *(_t135 + 0xc);
																	if(_t128 > 0xffffffff) {
																		L26:
																		_push(_t110);
																		_push(_t128);
																		_push(_t100);
																		_push("SXS/RTL: Section found (offset %ld; length %lu) extends past end of activation context data (%lu bytes)\n");
																		L50:
																		_push(0);
																		_push(0x33);
																		E6D895720();
																		goto L51;
																	} else {
																		_t132 = _t128 + _t100;
																		if(_t132 < _t128 || _t100 >= _t110 || _t132 > _t110) {
																			goto L26;
																		} else {
																			 *_v56 = _t100 + _t135;
																			 *_v60 =  *((intOrPtr*)(_t136 + 8));
																			_t80 = 0;
																		}
																	}
																	goto L24;
																}
															}
														}
													}
												}
											}
										}
									} else {
										_t132 = _v36;
										L47:
										_t97 = _v40;
										L48:
										_push(_t97);
										_push(0x10);
										_push(_t110);
										E6D895720(0x33, 0, "SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)\n", _t132);
										L51:
										_t80 = 0xc0150003;
										L24:
										return E6D84B640(_t80, _t110, _v12 ^ _t139, _t132, _t135, _t136);
									}
								}
							}
						}
					}
				}
				L52:
			}







































                                                                                  0x6d8231f0
                                                                                  0x6d8231ff
                                                                                  0x6d823205
                                                                                  0x6d82320c
                                                                                  0x6d82320e
                                                                                  0x6d823214
                                                                                  0x6d823217
                                                                                  0x6d82321a
                                                                                  0x6d82321d
                                                                                  0x6d823223
                                                                                  0x6d86d974
                                                                                  0x6d86d977
                                                                                  0x6d86d978
                                                                                  0x6d86d979
                                                                                  0x00000000
                                                                                  0x6d823233
                                                                                  0x6d823235
                                                                                  0x6d86d824
                                                                                  0x6d86d829
                                                                                  0x00000000
                                                                                  0x6d86d82f
                                                                                  0x6d86d832
                                                                                  0x6d86d839
                                                                                  0x6d86d840
                                                                                  0x6d86d843
                                                                                  0x6d86d844
                                                                                  0x6d86d85d
                                                                                  0x6d86d861
                                                                                  0x6d86d867
                                                                                  0x6d86d86c
                                                                                  0x6d86d86e
                                                                                  0x6d86d878
                                                                                  0x6d86d89f
                                                                                  0x6d86d8a1
                                                                                  0x6d86d8a4
                                                                                  0x6d86d8aa
                                                                                  0x00000000
                                                                                  0x6d86d8b0
                                                                                  0x6d86d8b0
                                                                                  0x6d86d8b3
                                                                                  0x6d86d8b6
                                                                                  0x6d86d8ba
                                                                                  0x6d86d8bf
                                                                                  0x6d86d8c4
                                                                                  0x6d86d8c7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d86d8cc
                                                                                  0x6d86d8cd
                                                                                  0x6d86d8d0
                                                                                  0x6d86d8d3
                                                                                  0x6d86d8d9
                                                                                  0x00000000
                                                                                  0x6d86d8db
                                                                                  0x00000000
                                                                                  0x6d86d8db
                                                                                  0x00000000
                                                                                  0x6d86d8d9
                                                                                  0x6d86d8e9
                                                                                  0x6d86d8f0
                                                                                  0x6d86d8fd
                                                                                  0x00000000
                                                                                  0x6d86d903
                                                                                  0x6d86d903
                                                                                  0x6d86d909
                                                                                  0x6d86d90b
                                                                                  0x6d86d916
                                                                                  0x00000000
                                                                                  0x6d86d91b
                                                                                  0x6d86d8fd
                                                                                  0x6d86d87a
                                                                                  0x6d86d87d
                                                                                  0x6d86d87e
                                                                                  0x6d86d880
                                                                                  0x6d86d88d
                                                                                  0x00000000
                                                                                  0x6d86d892
                                                                                  0x6d86d846
                                                                                  0x6d86d850
                                                                                  0x00000000
                                                                                  0x6d86d855
                                                                                  0x6d86d844
                                                                                  0x6d82323b
                                                                                  0x6d82323b
                                                                                  0x6d823240
                                                                                  0x6d82332c
                                                                                  0x6d823341
                                                                                  0x6d823246
                                                                                  0x6d823246
                                                                                  0x6d823246
                                                                                  0x6d82324b
                                                                                  0x00000000
                                                                                  0x6d823251
                                                                                  0x6d823251
                                                                                  0x6d823256
                                                                                  0x00000000
                                                                                  0x6d82325c
                                                                                  0x6d823264
                                                                                  0x6d823267
                                                                                  0x6d823269
                                                                                  0x6d82326b
                                                                                  0x6d82326d
                                                                                  0x6d82327e
                                                                                  0x6d823281
                                                                                  0x6d823284
                                                                                  0x6d823289
                                                                                  0x6d82328e
                                                                                  0x00000000
                                                                                  0x6d823294
                                                                                  0x6d823294
                                                                                  0x6d823299
                                                                                  0x00000000
                                                                                  0x6d8232a8
                                                                                  0x6d8232a8
                                                                                  0x6d8232ab
                                                                                  0x6d8232b1
                                                                                  0x6d86d934
                                                                                  0x6d86d938
                                                                                  0x6d86d93e
                                                                                  0x6d86d941
                                                                                  0x6d86d949
                                                                                  0x6d86d94a
                                                                                  0x6d86d94f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d86d951
                                                                                  0x00000000
                                                                                  0x6d86d94f
                                                                                  0x00000000
                                                                                  0x6d86d941
                                                                                  0x00000000
                                                                                  0x6d8232b7
                                                                                  0x6d8232b7
                                                                                  0x6d8232b9
                                                                                  0x6d8232be
                                                                                  0x00000000
                                                                                  0x6d8232c0
                                                                                  0x6d8232c3
                                                                                  0x6d86d920
                                                                                  0x6d86d924
                                                                                  0x00000000
                                                                                  0x6d86d92a
                                                                                  0x6d86d92d
                                                                                  0x00000000
                                                                                  0x6d86d92d
                                                                                  0x6d8232c9
                                                                                  0x6d8232d5
                                                                                  0x6d8232d9
                                                                                  0x6d8232de
                                                                                  0x6d8232e1
                                                                                  0x6d8232e1
                                                                                  0x6d8232e3
                                                                                  0x6d8232e5
                                                                                  0x00000000
                                                                                  0x6d8232e7
                                                                                  0x6d8232e7
                                                                                  0x6d8232ec
                                                                                  0x00000000
                                                                                  0x6d8232ee
                                                                                  0x6d8232ee
                                                                                  0x6d8232f1
                                                                                  0x6d8232f7
                                                                                  0x6d823344
                                                                                  0x6d823344
                                                                                  0x6d823345
                                                                                  0x6d823346
                                                                                  0x6d823347
                                                                                  0x6d86d97e
                                                                                  0x6d86d97e
                                                                                  0x6d86d980
                                                                                  0x6d86d982
                                                                                  0x00000000
                                                                                  0x6d8232f9
                                                                                  0x6d8232f9
                                                                                  0x6d8232fe
                                                                                  0x00000000
                                                                                  0x6d823308
                                                                                  0x6d82330d
                                                                                  0x6d823315
                                                                                  0x6d823317
                                                                                  0x6d823317
                                                                                  0x6d8232fe
                                                                                  0x00000000
                                                                                  0x6d8232f7
                                                                                  0x6d8232ec
                                                                                  0x6d8232e5
                                                                                  0x6d8232c3
                                                                                  0x6d8232be
                                                                                  0x6d8232b1
                                                                                  0x6d823299
                                                                                  0x6d86d956
                                                                                  0x6d86d956
                                                                                  0x6d86d959
                                                                                  0x6d86d959
                                                                                  0x6d86d95c
                                                                                  0x6d86d95c
                                                                                  0x6d86d95d
                                                                                  0x6d86d95f
                                                                                  0x6d86d96a
                                                                                  0x6d86d98a
                                                                                  0x6d86d98a
                                                                                  0x6d82331c
                                                                                  0x6d823329
                                                                                  0x6d823329
                                                                                  0x6d82326d
                                                                                  0x6d823256
                                                                                  0x6d82324b
                                                                                  0x6d823240
                                                                                  0x6d823235
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • bsearch.BCCB(00000001,?,00000020,00000010,6D838C30,00000010,?,C00000E5,00000000,00000030,?,6D808D70,00000000,?,?,00000030), ref: 6D8232D9
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS/RTL: Extended TOC offset (%ld) is outside bounds of activation context data (%lu bytes),?,?,00000010,?,C00000E5,00000000,00000030,?,6D808D70,00000000,?,?,00000030), ref: 6D86D850
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes),?,00000020,00000010,00000030,00000010,?,C00000E5,00000000,00000030,?,6D808D70,00000000,?), ref: 6D86D96A
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS/RTL: Activation context data at %p too small; TotalSize = %lu; HeaderSize = %lu,00000001,?,?,C00000E5,00000000,00000030,?,6D808D70,00000000,?,?,00000030,?), ref: 6D86D982
                                                                                  Strings
                                                                                  • SXS/RTL: Extended TOC offset (%ld) is outside bounds of activation context data (%lu bytes), xrefs: 6D86D847
                                                                                  • SXS/RTL: Extended TOC section TOC %d (offset: %ld, size: %u) is outside activation context data bounds (%lu bytes), xrefs: 6D86D90D
                                                                                  • SXS/RTL: Extended TOC entry array (starting at offset %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes), xrefs: 6D86D884
                                                                                  • SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes), xrefs: 6D86D961
                                                                                  • SXS/RTL: Section found (offset %ld; length %lu) extends past end of activation context data (%lu bytes), xrefs: 6D823347
                                                                                  • SXS/RTL: Activation context data at %p too small; TotalSize = %lu; HeaderSize = %lu, xrefs: 6D86D979
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$bsearch
                                                                                  • String ID: SXS/RTL: Activation context data at %p too small; TotalSize = %lu; HeaderSize = %lu$SXS/RTL: Extended TOC entry array (starting at offset %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)$SXS/RTL: Extended TOC offset (%ld) is outside bounds of activation context data (%lu bytes)$SXS/RTL: Extended TOC section TOC %d (offset: %ld, size: %u) is outside activation context data bounds (%lu bytes)$SXS/RTL: Section found (offset %ld; length %lu) extends past end of activation context data (%lu bytes)$SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)
                                                                                  • API String ID: 3813682011-732641482
                                                                                  • Opcode ID: a50ca0a590efcc7e6784e51f1c3d87fba6204485321de23595dded964a764efe
                                                                                  • Instruction ID: 24569cba566dd02e2bc4d56b5b9854bb040de7c7261a3d964e8d298f894f638e
                                                                                  • Opcode Fuzzy Hash: a50ca0a590efcc7e6784e51f1c3d87fba6204485321de23595dded964a764efe
                                                                                  • Instruction Fuzzy Hash: FB81EC71A0020AAFEB10CE58DC99FBDB3B9EB48714F10892DF915AB341D771AD41CBA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D804360, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 144COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 37%
                                                                                  			E6D804360(signed int _a4, unsigned int _a8) {
				void* _v4;
				signed int _v8;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				intOrPtr _v76;
				signed int _v84;
				signed int _v88;
				char _v92;
				signed int _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t43;
				signed char _t46;
				signed int _t67;
				signed int _t69;
				void* _t70;
				signed int _t79;
				signed int _t82;
				signed int _t83;
				void* _t84;
				signed int _t85;
				void* _t86;
				signed int _t87;
				signed int _t89;

				_t89 = (_t87 & 0xfffffff8) - 0x5c;
				_t40 =  *0x6d8fd360 ^ _t89;
				_v8 =  *0x6d8fd360 ^ _t89;
				_push(_t85);
				if((_a4 & 0xfffffffe) != 0) {
					_push(_a4);
					_push("RtlDeactivateActivationContext");
					_push("SXS: %s() called with invalid flags 0x%08lx\n");
					L17:
					_push(0);
					_push(0x33);
					E6D895720();
					_t89 = _t89 + 0x14;
					L19:
					_push(0xc000000d);
					L21:
					L6D85DF30(_t71, _t80);
					L22:
					_t82 =  *_t85;
					_t71 = 0;
					if(_t82 == 0) {
						_t43 = 0;
					} else {
						asm("sbb eax, eax");
						_t43 =  ~( *(_t82 + 8) & 8) & _t82;
					}
					if(_t82 == 0) {
						L20:
						_push(0xc0150010);
						goto L21;
					} else {
						while(_t43 == 0 ||  *((intOrPtr*)(_t43 + 0xc)) != _t80) {
							_t82 =  *_t82;
							_t71 = _t71 + 1;
							if(_t82 == 0) {
								_t43 = 0;
							} else {
								asm("sbb eax, eax");
								_t43 =  ~( *(_t82 + 8) & 8) & _t82;
							}
							if(_t82 != 0) {
								continue;
							}
							break;
						}
						if(_t82 == 0) {
							goto L20;
						}
						_v84 = _v84 & 0x00000000;
						_v88 = _v88 & 0x00000000;
						_push( &_v92);
						_v76 = 3;
						_v72 = _t71;
						_v68 = _t82;
						_v64 = _t85;
						_v92 = 0xc015000f;
						E6D85DEF0(_t71, _t80);
						L8:
						_t83 =  *_t82;
						do {
							_t46 =  *(_t85 + 8);
							_t69 =  *_t85;
							if((_t46 & 0x00000001) != 0) {
								E6D839B10( *((intOrPtr*)(_t85 + 4)));
								_t46 =  *(_t85 + 8);
							}
							if((_t46 & 0x00000008) != 0) {
								_t80 = _t85;
								E6D804439(_v88, _t85);
							}
							_t85 = _t69;
						} while (_t69 != _t83);
						_t40 = _v88;
						 *_v88 = _t83;
						L14:
						_pop(_t84);
						_pop(_t86);
						_pop(_t70);
						return E6D84B640(_t40, _t70,  *(_t89 + 0x64) ^ _t89, _t80, _t84, _t86);
					}
				}
				_t80 = _a8;
				if(_t80 == 0) {
					goto L14;
				}
				if((_t80 & 0xf0000000) != 0x10000000) {
					_push(_t80);
					_push("RtlDeactivateActivationContext");
					_push("SXS: %s() called with invalid cookie type 0x%08Ix\n");
					goto L17;
				}
				_t85 = 0xfff;
				_t71 = _t80 >> 0x00000010 ^  *( *( *[fs:0x18] + 0x1a8) + 0x14);
				_t40 =  *( *[fs:0x18] + 0x1a8);
				if((0x00000fff & (_t80 >> 0x00000010 ^  *( *( *[fs:0x18] + 0x1a8) + 0x14))) != 0) {
					_push( *(_t40 + 0x14) & 0x00000fff);
					_push(_t80);
					E6D895720(0x33, 0, "SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix\n", "RtlDeactivateActivationContext");
					_t89 = _t89 + 0x18;
					goto L19;
				}
				_t85 =  *_t40;
				_v96 = _t40;
				if(_t85 == 0) {
					goto L14;
				}
				_t67 =  *(_t85 + 8) & 0x00000008;
				asm("sbb ecx, ecx");
				_t79 =  ~_t67 & _t85;
				if(_t67 == 0 ||  *((intOrPtr*)(_t79 + 0xc)) != _t80) {
					goto L22;
				} else {
					_t82 = _t85;
					goto L8;
				}
			}






























                                                                                  0x6d804368
                                                                                  0x6d804370
                                                                                  0x6d804372
                                                                                  0x6d80437e
                                                                                  0x6d804380
                                                                                  0x6d86072a
                                                                                  0x6d86072d
                                                                                  0x6d860732
                                                                                  0x6d860744
                                                                                  0x6d860744
                                                                                  0x6d860746
                                                                                  0x6d860748
                                                                                  0x6d86074d
                                                                                  0x6d86076f
                                                                                  0x6d86076f
                                                                                  0x6d86077b
                                                                                  0x6d86077b
                                                                                  0x6d860780
                                                                                  0x6d860780
                                                                                  0x6d860782
                                                                                  0x6d860786
                                                                                  0x6d860798
                                                                                  0x6d860788
                                                                                  0x6d860792
                                                                                  0x6d860794
                                                                                  0x6d860794
                                                                                  0x6d86079c
                                                                                  0x6d860776
                                                                                  0x6d860776
                                                                                  0x00000000
                                                                                  0x6d86079e
                                                                                  0x6d86079e
                                                                                  0x6d8607a7
                                                                                  0x6d8607a9
                                                                                  0x6d8607ac
                                                                                  0x6d8607be
                                                                                  0x6d8607ae
                                                                                  0x6d8607b8
                                                                                  0x6d8607ba
                                                                                  0x6d8607ba
                                                                                  0x6d8607c2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8607c2
                                                                                  0x6d8607c6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8607c8
                                                                                  0x6d8607d1
                                                                                  0x6d8607d6
                                                                                  0x6d8607d7
                                                                                  0x6d8607df
                                                                                  0x6d8607e3
                                                                                  0x6d8607e7
                                                                                  0x6d8607eb
                                                                                  0x6d8607f3
                                                                                  0x6d8043fb
                                                                                  0x6d8043fb
                                                                                  0x6d8043fd
                                                                                  0x6d8043fd
                                                                                  0x6d804400
                                                                                  0x6d804404
                                                                                  0x6d860800
                                                                                  0x6d860805
                                                                                  0x6d860805
                                                                                  0x6d80440c
                                                                                  0x6d804412
                                                                                  0x6d804414
                                                                                  0x6d804414
                                                                                  0x6d804419
                                                                                  0x6d80441b
                                                                                  0x6d80441f
                                                                                  0x6d804423
                                                                                  0x6d804425
                                                                                  0x6d804429
                                                                                  0x6d80442a
                                                                                  0x6d80442b
                                                                                  0x6d804436
                                                                                  0x6d804436
                                                                                  0x6d86079c
                                                                                  0x6d804386
                                                                                  0x6d80438b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d80439d
                                                                                  0x6d860739
                                                                                  0x6d86073a
                                                                                  0x6d86073f
                                                                                  0x00000000
                                                                                  0x6d86073f
                                                                                  0x6d8043ae
                                                                                  0x6d8043b9
                                                                                  0x6d8043c2
                                                                                  0x6d8043ca
                                                                                  0x6d860757
                                                                                  0x6d860758
                                                                                  0x6d860767
                                                                                  0x6d86076c
                                                                                  0x00000000
                                                                                  0x6d86076c
                                                                                  0x6d8043d0
                                                                                  0x6d8043d2
                                                                                  0x6d8043d8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8043dd
                                                                                  0x6d8043e4
                                                                                  0x6d8043e6
                                                                                  0x6d8043ea
                                                                                  0x00000000
                                                                                  0x6d8043f9
                                                                                  0x6d8043f9
                                                                                  0x00000000
                                                                                  0x6d8043f9

                                                                                  APIs
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS: %s() called with invalid flags 0x%08lx,RtlDeactivateActivationContext,FFFFFFFE), ref: 6D860748
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix,RtlDeactivateActivationContext,?,?), ref: 6D860767
                                                                                  • RtlRaiseStatus.BCCB(C000000D), ref: 6D86077B
                                                                                  • RtlRaiseException.BCCB(?,?,?), ref: 6D8607F3
                                                                                  • RtlReleaseActivationContext.BCCB(?), ref: 6D860800
                                                                                  Strings
                                                                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 6D86075E
                                                                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 6D860732
                                                                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 6D86073F
                                                                                  • RtlDeactivateActivationContext, xrefs: 6D86072D, 6D86073A, 6D860759
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: PrintRaise$ActivationContextExceptionReleaseStatus
                                                                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                  • API String ID: 1148088771-1245972979
                                                                                  • Opcode ID: 7a0c5f3597d8c5dfcd49b5ee651643b35e6e74ade9db30768618461abcb9ec40
                                                                                  • Instruction ID: 91fd45fa753270739d0734b6d3a7a2fbbb7df5aae0f33d9be2e20a4dd5dc17f1
                                                                                  • Opcode Fuzzy Hash: 7a0c5f3597d8c5dfcd49b5ee651643b35e6e74ade9db30768618461abcb9ec40
                                                                                  • Instruction Fuzzy Hash: 8041F4B1658B429FD711CE1ECC49B26B3E1EB84764F118D2DF8A59B340DB31E9018FA6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D800BD0, Relevance: 15.3, APIs: 10, Instructions: 272COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E6D800BD0(wchar_t* _a4, wchar_t** _a8, intOrPtr _a12) {
				char _v5;
				wchar_t* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				wchar_t* _v28;
				signed int _v32;
				long _t110;
				wchar_t** _t113;
				wchar_t* _t114;
				wchar_t* _t115;
				long _t116;
				long _t117;
				signed int _t118;
				int _t121;
				int _t122;
				void* _t123;
				wchar_t** _t126;
				int _t127;
				int _t128;
				wchar_t** _t129;
				signed int _t130;
				wchar_t* _t134;
				char _t135;
				wchar_t** _t138;
				char _t141;
				wchar_t** _t144;
				intOrPtr _t145;
				wchar_t* _t146;
				signed int _t147;
				long _t150;
				wchar_t** _t151;
				void* _t153;
				intOrPtr _t154;
				wchar_t* _t155;
				void* _t157;

				_t146 = _a4;
				_t144 = 0;
				_t129 = 0;
				_v20 = 0;
				_v28 = 0;
				_v5 = 0;
				_t150 =  *_t146 & 0x0000ffff;
				_v12 = 0;
				_v16 = 0;
				_v32 = 0;
				_v24 = 0;
				if(_t150 == 0) {
					_t134 = 0;
					L10:
					_t151 = _v20;
					 *_a8 = _t146;
					if(_t151 != 0) {
						if(_t151 != 3) {
							L13:
							return 0xc000000d;
						}
						_t134 = _t134 + 1;
						_v12 = _t134;
					}
					_t147 = _v32;
					if(_t147 != 0 || _t134 == 7) {
						if(_t129 != 1) {
							if(_t129 != 2) {
								goto L13;
							}
							_t145 = _a12;
							 *((short*)(_t145 + _v24 * 2)) = 0;
							L68:
							if(_t147 != 0) {
								_t153 = _t145 + _t147 * 2;
								_t89 = _t145 + 0x10; // 0x10
								memmove(_t89 + (_t147 - _t134) * 2, _t153, _t134 - _t147 + _t134 - _t147);
								memset(_t153, 0, 8 - _v12 + 8 - _v12);
							}
							return 0;
						}
						if(_t151 != 0) {
							if(_v16 > 3) {
								goto L13;
							}
							_t135 = wcstol(_v28, 0, 0xa);
							_t157 = _t157 + 0xc;
							if(_t135 > 0xff) {
								goto L13;
							}
							_t145 = _a12;
							 *((char*)(_t151 + _v24 * 2 + _t145)) = _t135;
							_t134 = _v12;
							goto L68;
						}
						if(_v16 > 4) {
							goto L13;
						}
						_t110 = wcstol(_v28, _t151, 0x10);
						_t145 = _a12;
						_t157 = _t157 + 0xc;
						 *((short*)(_t145 + _v24 * 2)) = _t110;
						_t134 = _v12;
						goto L68;
					} else {
						goto L13;
					}
				} else {
					goto L1;
				}
				do {
					L1:
					_t113 = _t129;
					if(_t113 == 0) {
						L15:
						if(_t150 == 0x3a) {
							if(_t144 != 0 || _v12 > _t144) {
								L9:
								_t134 = _v12;
								goto L10;
							} else {
								_t114 =  &(_t146[0]);
								if(_t146[0] != 0x3a) {
									goto L9;
								}
								_t130 = _v24;
								_t154 = _a12;
								_v32 = 1;
								_v12 = 2;
								 *((short*)(_t154 + _t130 * 2)) = 0;
								_v24 = 1 + _t130;
								_t146 = _t114;
								_t47 =  &(_t144[0]); // 0x2
								_t129 = _t47;
								L49:
								_t115 = _v28;
								if(_t115 == 0) {
									goto L24;
								}
								if(_t144 != 0) {
									if(_v16 > 3) {
										goto L13;
									}
									_t116 = wcstol(_t115, 0, 0xa);
									_t157 = _t157 + 0xc;
									if(_t116 > 0xff) {
										goto L13;
									}
									_t144 = _v20;
									 *(_t144 + _v24 * 2 + _t154 - 1) = _t116;
									_t141 = _v5;
									goto L24;
								}
								if(_v16 > 4) {
									goto L13;
								}
								_t117 = wcstol(_t115, _t144, 0x10);
								_t144 = _v20;
								_t157 = _t157 + 0xc;
								_t118 = _v24;
								 *((short*)(_t154 + _t118 * 2)) = _t117;
								_t141 = _v5;
								_v24 = 1 + _t118;
								goto L24;
							}
						}
						_t134 = _v12;
						if(_t134 > 7 || _t150 >= 0x80) {
							goto L10;
						} else {
							_t121 = iswctype(_t150, 4);
							_t157 = _t157 + 8;
							if(_t121 != 0) {
								_t144 = _v20;
								_t129 = 1;
								_t138 = 0;
								_v28 = _t146;
								_v16 = 1;
								L23:
								_v5 = _t138;
								goto L24;
							}
							_t122 = iswctype(_t150, 0x80);
							_t157 = _t157 + 8;
							if(_t122 == 0) {
								goto L9;
							}
							_t144 = _v20;
							if(_t144 != 0) {
								goto L9;
							}
							_t129 = 1;
							_v28 = _t146;
							_v16 = 1;
							L22:
							_t138 = 1;
							goto L23;
						}
					}
					_t123 = _t113 - 1;
					if(_t123 != 0) {
						if(_t123 == 1) {
							goto L15;
						}
						L39:
						if(_t129 == 1) {
							goto L24;
						}
						_t154 = _a12;
						goto L49;
					}
					if(_t150 >= 0x80) {
						L7:
						if(_t150 == 0x3a) {
							if(_t144 != 0) {
								goto L9;
							}
							_t155 = _v12;
							if(_t155 > 6) {
								goto L9;
							}
							if(_t146[0] != 0x3a) {
								_t129 = 0;
								_t126 = 1;
								L38:
								_v12 = _t155 + _t126;
								goto L39;
							}
							if(_v32 != _t144) {
								goto L9;
							}
							_t146 =  &(_t146[0]);
							_v32 = _t155 + 1;
							_t129 = 2;
							_t126 = 2;
							goto L38;
						}
						if(_t150 == 0x2e) {
							if(_t141 != 0 || _t144 > 2 || _v12 > 6) {
								goto L9;
							} else {
								_t154 = _a12;
								_t144 =  &(_t144[0]);
								_v20 = _t144;
								_t129 = 0;
								goto L49;
							}
						}
						goto L9;
					}
					_t127 = iswctype(_t150, 4);
					_t157 = _t157 + 8;
					if(_t127 != 0) {
						_v16 = 1 + _v16;
						_t141 = _v5;
						_t144 = _v20;
						goto L24;
					}
					_t128 = iswctype(_t150, 0x80);
					_t144 = _v20;
					_t157 = _t157 + 8;
					if(_t128 != 0) {
						_v16 =  &(_v16[0]);
						if(_t144 == 0) {
							goto L22;
						}
						goto L9;
					}
					_t141 = _v5;
					goto L7;
					L24:
					_t150 = _t146[0] & 0x0000ffff;
					_t146 =  &(_t146[0]);
				} while (_t150 != 0);
				goto L9;
			}







































                                                                                  0x6d800bdb
                                                                                  0x6d800bde
                                                                                  0x6d800be0
                                                                                  0x6d800be2
                                                                                  0x6d800be7
                                                                                  0x6d800bea
                                                                                  0x6d800bed
                                                                                  0x6d800bf0
                                                                                  0x6d800bf3
                                                                                  0x6d800bf6
                                                                                  0x6d800bf9
                                                                                  0x6d800bff
                                                                                  0x6d800d14
                                                                                  0x6d800c69
                                                                                  0x6d800c6c
                                                                                  0x6d800c6f
                                                                                  0x6d800c73
                                                                                  0x6d85e8fd
                                                                                  0x6d800c8d
                                                                                  0x00000000
                                                                                  0x6d800c8d
                                                                                  0x6d85e903
                                                                                  0x6d85e904
                                                                                  0x6d85e904
                                                                                  0x6d800c79
                                                                                  0x6d800c7e
                                                                                  0x6d85e90f
                                                                                  0x6d85e97b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e981
                                                                                  0x6d85e989
                                                                                  0x6d85e98d
                                                                                  0x6d85e98f
                                                                                  0x6d85e993
                                                                                  0x6d85e99d
                                                                                  0x6d85e9a5
                                                                                  0x6d85e9b8
                                                                                  0x6d85e9bd
                                                                                  0x00000000
                                                                                  0x6d85e9c0
                                                                                  0x6d85e913
                                                                                  0x6d85e944
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e956
                                                                                  0x6d85e958
                                                                                  0x6d85e961
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e96a
                                                                                  0x6d85e970
                                                                                  0x6d85e973
                                                                                  0x00000000
                                                                                  0x6d85e973
                                                                                  0x6d85e919
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e925
                                                                                  0x6d85e92a
                                                                                  0x6d85e931
                                                                                  0x6d85e937
                                                                                  0x6d85e93b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d800c05
                                                                                  0x6d800c05
                                                                                  0x6d800c07
                                                                                  0x6d800c0a
                                                                                  0x6d800c9b
                                                                                  0x6d800c9f
                                                                                  0x6d85e82f
                                                                                  0x6d800c66
                                                                                  0x6d800c66
                                                                                  0x00000000
                                                                                  0x6d85e83e
                                                                                  0x6d85e843
                                                                                  0x6d85e846
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e84c
                                                                                  0x6d85e851
                                                                                  0x6d85e854
                                                                                  0x6d85e85b
                                                                                  0x6d85e862
                                                                                  0x6d85e867
                                                                                  0x6d85e86a
                                                                                  0x6d85e86c
                                                                                  0x6d85e86c
                                                                                  0x6d85e86f
                                                                                  0x6d85e86f
                                                                                  0x6d85e874
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e87c
                                                                                  0x6d85e8b2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e8bd
                                                                                  0x6d85e8c2
                                                                                  0x6d85e8ca
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e8d0
                                                                                  0x6d85e8d9
                                                                                  0x6d85e8dd
                                                                                  0x00000000
                                                                                  0x6d85e8dd
                                                                                  0x6d85e882
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e88c
                                                                                  0x6d85e891
                                                                                  0x6d85e898
                                                                                  0x6d85e89b
                                                                                  0x6d85e89e
                                                                                  0x6d85e8a3
                                                                                  0x6d85e8a6
                                                                                  0x00000000
                                                                                  0x6d85e8a6
                                                                                  0x6d85e82f
                                                                                  0x6d800ca5
                                                                                  0x6d800cab
                                                                                  0x00000000
                                                                                  0x6d800cb7
                                                                                  0x6d800cba
                                                                                  0x6d800cbf
                                                                                  0x6d800cc4
                                                                                  0x6d85e8e5
                                                                                  0x6d85e8e8
                                                                                  0x6d85e8ed
                                                                                  0x6d85e8ef
                                                                                  0x6d85e8f2
                                                                                  0x6d800cf0
                                                                                  0x6d800cf0
                                                                                  0x00000000
                                                                                  0x6d800cf0
                                                                                  0x6d800cd0
                                                                                  0x6d800cd5
                                                                                  0x6d800cda
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d800cdc
                                                                                  0x6d800ce1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d800ce3
                                                                                  0x6d800ce8
                                                                                  0x6d800ceb
                                                                                  0x6d800cee
                                                                                  0x6d800cee
                                                                                  0x00000000
                                                                                  0x6d800cee
                                                                                  0x6d800cab
                                                                                  0x6d800c10
                                                                                  0x6d800c13
                                                                                  0x6d85e7a1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e7f9
                                                                                  0x6d85e7fc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e802
                                                                                  0x00000000
                                                                                  0x6d85e802
                                                                                  0x6d800c21
                                                                                  0x6d800c52
                                                                                  0x6d800c56
                                                                                  0x6d85e7b9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e7bf
                                                                                  0x6d85e7c5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e7d0
                                                                                  0x6d85e7ed
                                                                                  0x6d85e7ef
                                                                                  0x6d85e7f4
                                                                                  0x6d85e7f6
                                                                                  0x00000000
                                                                                  0x6d85e7f6
                                                                                  0x6d85e7d5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e7de
                                                                                  0x6d85e7e1
                                                                                  0x6d85e7e4
                                                                                  0x6d85e7e9
                                                                                  0x00000000
                                                                                  0x6d85e7e9
                                                                                  0x6d800c60
                                                                                  0x6d85e809
                                                                                  0x00000000
                                                                                  0x6d85e822
                                                                                  0x6d85e822
                                                                                  0x6d85e825
                                                                                  0x6d85e826
                                                                                  0x6d85e829
                                                                                  0x00000000
                                                                                  0x6d85e829
                                                                                  0x6d85e809
                                                                                  0x00000000
                                                                                  0x6d800c60
                                                                                  0x6d800c26
                                                                                  0x6d800c2b
                                                                                  0x6d800c30
                                                                                  0x6d85e7a9
                                                                                  0x6d85e7ac
                                                                                  0x6d85e7af
                                                                                  0x00000000
                                                                                  0x6d85e7af
                                                                                  0x6d800c3c
                                                                                  0x6d800c41
                                                                                  0x6d800c44
                                                                                  0x6d800c49
                                                                                  0x6d800d08
                                                                                  0x6d800d0d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d800d0f
                                                                                  0x6d800c4f
                                                                                  0x00000000
                                                                                  0x6d800cf3
                                                                                  0x6d800cf3
                                                                                  0x6d800cf7
                                                                                  0x6d800cfa
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • iswctype.BCCB(?,00000004,00000000,?,00000000,?,?,00000000,00000000), ref: 6D800C26
                                                                                  • iswctype.BCCB(?,00000080,?,00000000,?,?,00000000,00000000), ref: 6D800C3C
                                                                                  • iswctype.BCCB(?,00000004,00000000,?,00000000,?,?,00000000,00000000), ref: 6D800CBA
                                                                                  • iswctype.BCCB(?,00000080,?,00000000,?,?,00000000,00000000), ref: 6D800CD0
                                                                                  • wcstol.BCCB(?,00000000,00000010,00000000,?,00000000), ref: 6D85E88C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: iswctype$wcstol
                                                                                  • String ID:
                                                                                  • API String ID: 3196148086-0
                                                                                  • Opcode ID: e8cce5817cc4ce449349599480dfbb7a9bb6f94171a4a7226f78549168923cd8
                                                                                  • Instruction ID: f4552b6ea00960838da670411a6d77724001a848b42b5333ca7a0e54077ef760
                                                                                  • Opcode Fuzzy Hash: e8cce5817cc4ce449349599480dfbb7a9bb6f94171a4a7226f78549168923cd8
                                                                                  • Instruction Fuzzy Hash: 0891B3B5D0421AABDB21CF5ACC887EFB7B1FF51304F108869E854A7390E7319A55CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8946A4, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 206COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 94%
                                                                                  			E6D8946A4(void* __ecx, intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12) {
				char _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				int _v28;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t120;
				intOrPtr _t121;
				signed int _t126;
				signed int _t127;
				intOrPtr* _t145;
				intOrPtr* _t147;
				signed int _t148;
				intOrPtr _t149;
				intOrPtr _t150;
				intOrPtr* _t151;
				signed int _t152;
				void* _t153;
				intOrPtr _t155;
				intOrPtr _t157;
				intOrPtr _t158;
				intOrPtr _t162;
				intOrPtr _t164;
				intOrPtr _t166;
				intOrPtr _t167;
				int _t168;
				intOrPtr _t169;
				signed int _t171;
				intOrPtr* _t172;
				intOrPtr* _t174;
				void* _t175;
				short* _t176;
				signed int _t177;
				void* _t178;

				_t153 = __ecx;
				_t177 = 0;
				_v20 = 0xc00000e5;
				_t172 = _a12;
				_t145 = __edx;
				_v8 = 0;
				_v24 = 0;
				if(_t172 != 0) {
					 *_t172 = 0;
				}
				_t162 =  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x18)) + _t153 + 8));
				_v16 =  *_t145;
				if( *_t145 < _t162 - 1) {
					E6D831D47( &_v20, _a4, _a8, _t172, 0x58, _t153, _t153, 2,  &_v8,  &_v28);
					if(_v24 == 0) {
						_t177 = _v20;
					} else {
						_t164 = _v8;
						_t19 = _t145 + 4; // 0x0
						_t115 =  *_t19;
						_v24 = _t115;
						_t155 =  *((intOrPtr*)(_t164 + 0x14));
						if(_t115 < _t155) {
							_t116 =  *((intOrPtr*)(_t164 + 0x18));
							if(_t116 == 0) {
								L16:
								_t177 = 0xc0150015;
							} else {
								_v20 = _t177;
								_v12 = _t116 + _t164;
								_v16 = _t177;
								if(_t155 != 0) {
									_v28 =  *_t145 + 1;
									_t147 = _v12 + 0xc;
									_t120 = _v24;
									do {
										_t166 = _v8;
										if( *((intOrPtr*)(_t147 + 8)) != _v28) {
											goto L15;
										} else {
											if(_v20 != _t120 ||  *_t147 == _t177) {
												_v20 = _v20 + 1;
												goto L15;
											} else {
												_t157 =  *_t147 + _t166;
												_v24 = _t157;
												if(_t157 == 0) {
													goto L16;
												} else {
													_t148 = _v16 * 0x18;
													_t121 = 0x14;
													_v20 = _t148;
													_t149 =  *((intOrPtr*)(_t148 + _v12 + 8));
													_t174 = _a12;
													if(_t149 != 0) {
														_t121 = _t149 + 0x16;
													}
													_t150 =  *((intOrPtr*)(_t157 + 8));
													if(_t150 != 0) {
														_t121 = _t121 + 2 + _t150;
													}
													if(_t121 <= _a8) {
														_t151 = _a4;
														_t167 = _v12;
														 *_t151 =  *((intOrPtr*)(_t157 + 4));
														_t51 = _t151 + 0x14; // 0x15
														_t175 = _t51;
														 *((intOrPtr*)(_t151 + 4)) =  *((intOrPtr*)(_v20 + _t167 + 8));
														 *((intOrPtr*)(_t151 + 8)) =  *((intOrPtr*)(_t157 + 8));
														_t126 = _v20;
														 *(_t151 + 0xc) = _t177;
														 *(_t151 + 0x10) = _t177;
														_t168 =  *((intOrPtr*)(_t126 + _t167 + 8));
														_v28 = _t168;
														_t169 = _v8;
														if(_t168 != 0) {
															memcpy(_t175,  *((intOrPtr*)(_t126 + _v12 + 4)) + _t169, _v28);
															_t178 = _t178 + 0xc;
															 *(_t151 + 0xc) = _t175;
															_t176 = _t175 +  *((intOrPtr*)(_v20 + _v12 + 8));
															_t157 = _v24;
															 *_t176 = 0;
															_t175 = _t176 + 2;
														}
														if( *((intOrPtr*)(_t157 + 8)) != _t177) {
															_t127 =  *(_t157 + 0x10);
															if(_t127 != 0) {
																_t171 = _t127 * 0x2c + _v8;
																_v20 = _t171;
																if(_t171 != 0) {
																	 *(_t151 + 0x10) = _t175;
																	_t152 = _t177;
																	if( *((intOrPtr*)(_t157 + 0xc)) <= _t177) {
																		L37:
																		 *_t175 = 0;
																	} else {
																		_t158 = _v24;
																		_v28 = _a4 + _a8;
																		while( *((intOrPtr*)(_t171 + 4 + _t152 * 8)) + 2 + _t175 <= _v28) {
																			if( *((intOrPtr*)(_t171 + 4 + _t152 * 8)) != _t177) {
																				memcpy(_t175, _v8 +  *((intOrPtr*)(_t171 + 4 + _t152 * 8)),  *(_t171 + _t152 * 8));
																				_t171 = _v20;
																				_t178 = _t178 + 0xc;
																				_t158 = _v24;
																				_t175 = _t175 +  *(_t171 + _t152 * 8);
																			}
																			_t152 = _t152 + 1;
																			if(_t152 <  *((intOrPtr*)(_t158 + 0xc))) {
																				continue;
																			} else {
																				goto L37;
																			}
																			goto L39;
																		}
																		goto L16;
																	}
																}
															}
														}
													} else {
														if(_t174 != 0) {
															 *_t174 = _t121;
														}
														_t177 = 0xc0000023;
													}
												}
											}
										}
										goto L39;
										L15:
										_v16 = _v16 + 1;
										_t147 = _t147 + 0x18;
									} while (_v16 < _t155);
								}
								goto L16;
							}
						} else {
							_push( *_t145);
							_push(_t155);
							_push(_t115);
							E6D895720(0x33, _t177, "SXS: %s() received invalid file index (%u, max is %u) in Assembly (%u)\n", "RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation");
							goto L4;
						}
					}
				} else {
					_push(_t162);
					_push(_v16);
					E6D895720(0x33, _t177, "SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context\n", "RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation");
					L4:
					_t177 = 0xc000000d;
				}
				L39:
				return _t177;
			}







































                                                                                  0x6d8946a4
                                                                                  0x6d8946ae
                                                                                  0x6d8946b0
                                                                                  0x6d8946b8
                                                                                  0x6d8946bb
                                                                                  0x6d8946bd
                                                                                  0x6d8946c0
                                                                                  0x6d8946c5
                                                                                  0x6d8946c7
                                                                                  0x6d8946c7
                                                                                  0x6d8946cc
                                                                                  0x6d8946d2
                                                                                  0x6d8946da
                                                                                  0x6d89471b
                                                                                  0x6d894727
                                                                                  0x6d8948c0
                                                                                  0x6d89472d
                                                                                  0x6d89472d
                                                                                  0x6d894730
                                                                                  0x6d894730
                                                                                  0x6d894733
                                                                                  0x6d894736
                                                                                  0x6d89473b
                                                                                  0x6d894758
                                                                                  0x6d89475d
                                                                                  0x6d89479f
                                                                                  0x6d89479f
                                                                                  0x6d89475f
                                                                                  0x6d894761
                                                                                  0x6d894764
                                                                                  0x6d894767
                                                                                  0x6d89476c
                                                                                  0x6d894774
                                                                                  0x6d894777
                                                                                  0x6d89477a
                                                                                  0x6d89477d
                                                                                  0x6d894783
                                                                                  0x6d894786
                                                                                  0x00000000
                                                                                  0x6d894788
                                                                                  0x6d89478b
                                                                                  0x6d894791
                                                                                  0x00000000
                                                                                  0x6d8947a9
                                                                                  0x6d8947ab
                                                                                  0x6d8947ad
                                                                                  0x6d8947b0
                                                                                  0x00000000
                                                                                  0x6d8947b2
                                                                                  0x6d8947b2
                                                                                  0x6d8947bb
                                                                                  0x6d8947bc
                                                                                  0x6d8947bf
                                                                                  0x6d8947c3
                                                                                  0x6d8947c8
                                                                                  0x6d8947ca
                                                                                  0x6d8947ca
                                                                                  0x6d8947cd
                                                                                  0x6d8947d2
                                                                                  0x6d8947d7
                                                                                  0x6d8947d7
                                                                                  0x6d8947dc
                                                                                  0x6d8947ee
                                                                                  0x6d8947f4
                                                                                  0x6d8947f7
                                                                                  0x6d8947f9
                                                                                  0x6d8947f9
                                                                                  0x6d894803
                                                                                  0x6d894809
                                                                                  0x6d89480c
                                                                                  0x6d89480f
                                                                                  0x6d894812
                                                                                  0x6d894815
                                                                                  0x6d89481b
                                                                                  0x6d89481e
                                                                                  0x6d894821
                                                                                  0x6d894831
                                                                                  0x6d894839
                                                                                  0x6d89483f
                                                                                  0x6d894842
                                                                                  0x6d894848
                                                                                  0x6d89484b
                                                                                  0x6d89484e
                                                                                  0x6d89484e
                                                                                  0x6d894854
                                                                                  0x6d894856
                                                                                  0x6d89485b
                                                                                  0x6d894860
                                                                                  0x6d894863
                                                                                  0x6d894866
                                                                                  0x6d894868
                                                                                  0x6d89486b
                                                                                  0x6d894870
                                                                                  0x6d8948b9
                                                                                  0x6d8948bb
                                                                                  0x6d894872
                                                                                  0x6d894878
                                                                                  0x6d89487b
                                                                                  0x6d89487e
                                                                                  0x6d894894
                                                                                  0x6d8948a2
                                                                                  0x6d8948a7
                                                                                  0x6d8948aa
                                                                                  0x6d8948ad
                                                                                  0x6d8948b0
                                                                                  0x6d8948b0
                                                                                  0x6d8948b3
                                                                                  0x6d8948b7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8948b7
                                                                                  0x00000000
                                                                                  0x6d89487e
                                                                                  0x6d894870
                                                                                  0x6d894866
                                                                                  0x6d89485b
                                                                                  0x6d8947de
                                                                                  0x6d8947e0
                                                                                  0x6d8947e2
                                                                                  0x6d8947e2
                                                                                  0x6d8947e4
                                                                                  0x6d8947e4
                                                                                  0x6d8947dc
                                                                                  0x6d8947b0
                                                                                  0x6d89478b
                                                                                  0x00000000
                                                                                  0x6d894794
                                                                                  0x6d894794
                                                                                  0x6d894797
                                                                                  0x6d89479a
                                                                                  0x6d89477d
                                                                                  0x00000000
                                                                                  0x6d89476c
                                                                                  0x6d89473d
                                                                                  0x6d89473d
                                                                                  0x6d89473f
                                                                                  0x6d894740
                                                                                  0x6d89474e
                                                                                  0x00000000
                                                                                  0x6d894753
                                                                                  0x6d89473b
                                                                                  0x6d8946dc
                                                                                  0x6d8946dc
                                                                                  0x6d8946dd
                                                                                  0x6d8946ed
                                                                                  0x6d8946f5
                                                                                  0x6d8946f5
                                                                                  0x6d8946f5
                                                                                  0x6d8948c4
                                                                                  0x6d8948cb

                                                                                  APIs
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context,RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation,?,?,6D8517F0,00000000,?,00000000,?), ref: 6D8946ED
                                                                                    • Part of subcall function 6D831D47: memset.BCCB(00000000,00000000,6D8517F0,?,00000001,00000000,?,6D808D70,00000000,?,?,00000030,?,?,00000001,?), ref: 6D831D87
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS: %s() received invalid file index (%u, max is %u) in Assembly (%u),RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation,00000000,?,6D8DFE98,00000001,?,C00000E5,00000058,?,?,00000002,-00000F38,00000000), ref: 6D89474E
                                                                                  • memcpy.BCCB(00000015,?,00000000,00000001,?,C00000E5,00000058,?,?,00000002,-00000F38,00000000,6D8517F0,00000000,?,00000000), ref: 6D894831
                                                                                  • memcpy.BCCB(00000015,?,-00000F38,00000001,?,C00000E5,00000058,?,?,00000002,-00000F38,00000000,6D8517F0,00000000,?,00000000), ref: 6D8948A2
                                                                                  Strings
                                                                                  • SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context, xrefs: 6D8946E5
                                                                                  • SXS: %s() received invalid file index (%u, max is %u) in Assembly (%u), xrefs: 6D894746
                                                                                  • RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation, xrefs: 6D8946E0, 6D894741
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Printmemcpy$memset
                                                                                  • String ID: RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation$SXS: %s() received invalid file index (%u, max is %u) in Assembly (%u)$SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context
                                                                                  • API String ID: 3998808364-2744866428
                                                                                  • Opcode ID: 485d79fb05a423c78653eeef5bc83eb3b13a24fdee64bfc07b5d7f4142573ba2
                                                                                  • Instruction ID: 278aad9116dddc4f951d99f36b5bb0bb448705d8b0b558f5dc6c716fa23c6cef
                                                                                  • Opcode Fuzzy Hash: 485d79fb05a423c78653eeef5bc83eb3b13a24fdee64bfc07b5d7f4142573ba2
                                                                                  • Instruction Fuzzy Hash: AE8131B5D0021AEFDB00CF8DC8C59AEB7B5FF89314B148959E854AB305D330DA51CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D894496, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 195COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 48%
                                                                                  			E6D894496(void* __ecx, signed int __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12) {
				char _v8;
				short _v12;
				char _v16;
				char _v20;
				intOrPtr _t96;
				intOrPtr _t106;
				intOrPtr _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				intOrPtr* _t128;
				void* _t154;
				intOrPtr _t155;
				intOrPtr* _t162;
				void* _t165;
				signed int _t167;
				void* _t169;
				intOrPtr* _t170;
				void* _t171;
				short* _t172;
				short* _t173;
				short* _t174;
				void* _t175;

				_t170 = _a12;
				_t167 = __edx;
				_v16 = 0xc00000e5;
				_t165 = __ecx;
				_v12 = 0;
				if(_t170 != 0) {
					 *_t170 = 0;
				}
				_t96 =  *((intOrPtr*)(_t165 + 0x18));
				_t154 =  *((intOrPtr*)(_t96 + _t165 + 0xc)) + _t165;
				if(_t167 <  *((intOrPtr*)(_t96 + _t165 + 8))) {
					asm("lfence");
					_push( &_v20);
					_t169 =  *((intOrPtr*)(_t167 * 0x18 + _t154 + 0x10)) + _t165;
					_push( &_v8);
					_push(1);
					_push(0);
					_push(_t165);
					_t155 = 0x58;
					_push(_t155);
					_push(_t170);
					_push(_a8);
					_push(_a4);
					E6D831D47( &_v16);
					if(_v12 == 0) {
						return _v16;
					}
					_t20 = _t169 + 8; // 0xffffff98
					_t106 =  *_t20;
					if(_t106 != 0) {
						_t21 = _t106 + 0x5a; // 0xfffffff2
						_t155 = _t21;
					}
					_t22 = _t169 + 0x14; // 0x0
					_t107 =  *_t22;
					if(_t107 != 0) {
						_t155 = _t155 + 2 + _t107;
					}
					_t23 = _t169 + 0x28; // 0xffffffc4
					_t108 =  *_t23;
					if(_t108 != 0) {
						_t155 = _t155 + 2 + _t108;
					}
					_t24 = _t169 + 0x50; // 0xfffffecc
					_t109 =  *_t24;
					if(_t109 != 0) {
						_t155 = _t155 + 2 + _t109;
					}
					if(_t155 <= _a8) {
						_t162 = _a4;
						_t27 = _t169 + 4; // 0x0
						 *_t162 =  *_t27;
						_t28 = _t162 + 0x58; // 0x59
						_t171 = _t28;
						_t29 = _t169 + 8; // 0xffffff98
						 *((intOrPtr*)(_t162 + 4)) =  *_t29;
						_t31 = _t169 + 0x10; // 0xfffffffe
						 *((intOrPtr*)(_t162 + 8)) =  *_t31;
						_t33 = _t169 + 0x14; // 0x0
						 *((intOrPtr*)(_t162 + 0xc)) =  *_t33;
						_t35 = _t169 + 0x1c; // 0x0
						 *((intOrPtr*)(_t162 + 0x10)) =  *_t35;
						_t37 = _t169 + 0x20; // 0xfffffffe
						 *((intOrPtr*)(_t162 + 0x14)) =  *_t37;
						_t39 = _t169 + 0x24; // 0x0
						 *((intOrPtr*)(_t162 + 0x18)) =  *_t39;
						_t41 = _t169 + 0x28; // 0xffffffc4
						 *((intOrPtr*)(_t162 + 0x1c)) =  *_t41;
						_t43 = _t169 + 0x30; // 0xfffffffe
						 *((intOrPtr*)(_t162 + 0x20)) =  *_t43;
						_t45 = _t169 + 0x34; // 0x0
						 *((intOrPtr*)(_t162 + 0x24)) =  *_t45;
						_t47 = _t169 + 0x38; // 0x6d874794
						 *((intOrPtr*)(_t162 + 0x28)) =  *_t47;
						_t49 = _t169 + 0x40; // 0x0
						 *((intOrPtr*)(_t162 + 0x2c)) =  *_t49;
						_t51 = _t169 + 0x44; // 0x6d8747bb
						 *((intOrPtr*)(_t162 + 0x30)) =  *_t51;
						_t53 = _t169 + 0x48; // 0xffffffe4
						 *((intOrPtr*)(_t162 + 0x34)) =  *_t53;
						_t55 = _t169 + 0x4c; // 0x0
						 *((intOrPtr*)(_t162 + 0x38)) =  *_t55;
						_t57 = _t169 + 0x50; // 0xfffffecc
						 *((intOrPtr*)(_t162 + 0x3c)) =  *_t57;
						 *((intOrPtr*)(_t162 + 0x40)) = 0;
						 *((intOrPtr*)(_t162 + 0x44)) = 0;
						 *((intOrPtr*)(_t162 + 0x48)) = 0;
						 *((intOrPtr*)(_t162 + 0x4c)) = 0;
						_t63 = _t169 + 0x58; // 0xfffffffe
						 *((intOrPtr*)(_t162 + 0x50)) =  *_t63;
						if( *(_t169 + 8) != 0) {
							_t66 = _t169 + 8; // 0xffffff98
							_t67 = _t169 + 0xc; // 0x0
							memcpy(_t171,  *_t67 + _v8,  *_t66);
							_t175 = _t175 + 0xc;
							 *(_a4 + 0x40) = _t171;
							_t71 = _t169 + 8; // 0xffffff98
							_t174 = _t171 +  *_t71;
							 *_t174 = 0;
							_t171 = _t174 + 2;
						}
						if( *(_t169 + 0x14) != 0) {
							_t73 = _t169 + 0x14; // 0x0
							_t74 = _t169 + 0x18; // 0x6d874765
							memcpy(_t171,  *_t74 + _v8,  *_t73);
							_t175 = _t175 + 0xc;
							 *(_a4 + 0x44) = _t171;
							_t78 = _t169 + 0x14; // 0x0
							_t173 = _t171 +  *_t78;
							 *_t173 = 0;
							_t171 = _t173 + 2;
						}
						if( *(_t169 + 0x28) != 0) {
							_t80 = _t169 + 0x28; // 0xffffffc4
							_t81 = _t169 + 0x2c; // 0x0
							memcpy(_t171,  *_t81 + _v8,  *_t80);
							_t175 = _t175 + 0xc;
							 *(_a4 + 0x48) = _t171;
							_t85 = _t169 + 0x28; // 0xffffffc4
							_t172 = _t171 +  *_t85;
							 *_t172 = 0;
							_t171 = _t172 + 2;
						}
						if( *(_t169 + 0x50) != 0) {
							_t87 = _t169 + 0x50; // 0xfffffecc
							_t88 = _t169 + 0x54; // 0x0
							memcpy(_t171,  *_t88 + _v8,  *_t87);
							 *(_a4 + 0x4c) = _t171;
							_t92 = _t169 + 0x50; // 0xfffffecc
							 *((short*)(_t171 +  *_t92)) = 0;
						}
						_t128 = _a12;
						if(_t128 != 0) {
							 *_t128 = _t155;
						}
						return 0;
					} else {
						if(_t170 != 0) {
							 *_t170 = _t155;
						}
						return 0xc0000023;
					}
				} else {
					_push( *((intOrPtr*)(_t96 + _t165 + 8)));
					_push(_t167);
					E6D895720(0x33, 0, "SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context\n", "RtlpQueryAssemblyInformationActivationContextDetailedInformation");
					return 0xc000000d;
				}
			}

























                                                                                  0x6d8944a0
                                                                                  0x6d8944a4
                                                                                  0x6d8944a6
                                                                                  0x6d8944ad
                                                                                  0x6d8944b1
                                                                                  0x6d8944b6
                                                                                  0x6d8944b8
                                                                                  0x6d8944b8
                                                                                  0x6d8944ba
                                                                                  0x6d8944c1
                                                                                  0x6d8944c7
                                                                                  0x6d8944f0
                                                                                  0x6d8944fa
                                                                                  0x6d8944fe
                                                                                  0x6d894500
                                                                                  0x6d894504
                                                                                  0x6d894506
                                                                                  0x6d894507
                                                                                  0x6d89450a
                                                                                  0x6d89450b
                                                                                  0x6d89450c
                                                                                  0x6d89450d
                                                                                  0x6d894513
                                                                                  0x6d894517
                                                                                  0x6d894523
                                                                                  0x00000000
                                                                                  0x6d894698
                                                                                  0x6d894529
                                                                                  0x6d894529
                                                                                  0x6d89452e
                                                                                  0x6d894530
                                                                                  0x6d894530
                                                                                  0x6d894530
                                                                                  0x6d894533
                                                                                  0x6d894533
                                                                                  0x6d894538
                                                                                  0x6d89453d
                                                                                  0x6d89453d
                                                                                  0x6d89453f
                                                                                  0x6d89453f
                                                                                  0x6d894544
                                                                                  0x6d894549
                                                                                  0x6d894549
                                                                                  0x6d89454b
                                                                                  0x6d89454b
                                                                                  0x6d894550
                                                                                  0x6d894555
                                                                                  0x6d894555
                                                                                  0x6d89455a
                                                                                  0x6d89456c
                                                                                  0x6d89456f
                                                                                  0x6d894572
                                                                                  0x6d894574
                                                                                  0x6d894574
                                                                                  0x6d894577
                                                                                  0x6d89457a
                                                                                  0x6d89457d
                                                                                  0x6d894580
                                                                                  0x6d894583
                                                                                  0x6d894586
                                                                                  0x6d894589
                                                                                  0x6d89458c
                                                                                  0x6d89458f
                                                                                  0x6d894592
                                                                                  0x6d894595
                                                                                  0x6d894598
                                                                                  0x6d89459b
                                                                                  0x6d89459e
                                                                                  0x6d8945a1
                                                                                  0x6d8945a4
                                                                                  0x6d8945a7
                                                                                  0x6d8945aa
                                                                                  0x6d8945ad
                                                                                  0x6d8945b0
                                                                                  0x6d8945b3
                                                                                  0x6d8945b6
                                                                                  0x6d8945b9
                                                                                  0x6d8945bc
                                                                                  0x6d8945bf
                                                                                  0x6d8945c2
                                                                                  0x6d8945c5
                                                                                  0x6d8945c8
                                                                                  0x6d8945cb
                                                                                  0x6d8945ce
                                                                                  0x6d8945d3
                                                                                  0x6d8945d6
                                                                                  0x6d8945d9
                                                                                  0x6d8945dc
                                                                                  0x6d8945df
                                                                                  0x6d8945e2
                                                                                  0x6d8945e9
                                                                                  0x6d8945eb
                                                                                  0x6d8945ee
                                                                                  0x6d8945f6
                                                                                  0x6d8945fe
                                                                                  0x6d894601
                                                                                  0x6d894606
                                                                                  0x6d894606
                                                                                  0x6d894609
                                                                                  0x6d89460c
                                                                                  0x6d89460c
                                                                                  0x6d894613
                                                                                  0x6d894615
                                                                                  0x6d894618
                                                                                  0x6d894620
                                                                                  0x6d894628
                                                                                  0x6d89462b
                                                                                  0x6d894630
                                                                                  0x6d894630
                                                                                  0x6d894633
                                                                                  0x6d894636
                                                                                  0x6d894636
                                                                                  0x6d89463d
                                                                                  0x6d89463f
                                                                                  0x6d894642
                                                                                  0x6d89464a
                                                                                  0x6d894652
                                                                                  0x6d894655
                                                                                  0x6d89465a
                                                                                  0x6d89465a
                                                                                  0x6d89465d
                                                                                  0x6d894660
                                                                                  0x6d894660
                                                                                  0x6d894667
                                                                                  0x6d894669
                                                                                  0x6d89466c
                                                                                  0x6d894674
                                                                                  0x6d894681
                                                                                  0x6d894684
                                                                                  0x6d894687
                                                                                  0x6d894687
                                                                                  0x6d89468b
                                                                                  0x6d894690
                                                                                  0x6d894692
                                                                                  0x6d894692
                                                                                  0x00000000
                                                                                  0x6d89455c
                                                                                  0x6d89455e
                                                                                  0x6d894560
                                                                                  0x6d894560
                                                                                  0x00000000
                                                                                  0x6d894562
                                                                                  0x6d8944c9
                                                                                  0x6d8944c9
                                                                                  0x6d8944cd
                                                                                  0x6d8944db
                                                                                  0x00000000
                                                                                  0x6d8944e3

                                                                                  APIs
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context,RtlpQueryAssemblyInformationActivationContextDetailedInformation,?,?,6D8517F0,00000000,?,?), ref: 6D8944DB
                                                                                    • Part of subcall function 6D831D47: memset.BCCB(00000000,00000000,6D8517F0,?,00000001,00000000,?,6D808D70,00000000,?,?,00000030,?,?,00000001,?), ref: 6D831D87
                                                                                  • memcpy.BCCB(00000059,-00000F38,FFFFFF98,00000001,C00000E5,?,00000058,?,00000000,00000001,-00000F38,?,6D8517F0,00000000,?,?), ref: 6D8945F6
                                                                                  • memcpy.BCCB(00000059,-00000F38,00000000,00000001,C00000E5,?,00000058,?,00000000,00000001,-00000F38,?,6D8517F0,00000000,?,?), ref: 6D894620
                                                                                  • memcpy.BCCB(00000059,-00000F38,FFFFFFC4,00000001,C00000E5,?,00000058,?,00000000,00000001,-00000F38,?,6D8517F0,00000000,?,?), ref: 6D89464A
                                                                                  • memcpy.BCCB(00000059,-00000F38,FFFFFECC,00000001,C00000E5,?,00000058,?,00000000,00000001,-00000F38,?,6D8517F0,00000000,?,?), ref: 6D894674
                                                                                  Strings
                                                                                  • RtlpQueryAssemblyInformationActivationContextDetailedInformation, xrefs: 6D8944CE
                                                                                  • SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context, xrefs: 6D8944D3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memcpy$Printmemset
                                                                                  • String ID: RtlpQueryAssemblyInformationActivationContextDetailedInformation$SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context
                                                                                  • API String ID: 3378804984-1390252366
                                                                                  • Opcode ID: d1244f0bb8fa6ded0b7fe9d1c16fc2369693a962be862d499f98a6b44118b3d5
                                                                                  • Instruction ID: 803a9dedade991528c55250c74e7e15647247c812affb74b39e0eb4ddf2c5891
                                                                                  • Opcode Fuzzy Hash: d1244f0bb8fa6ded0b7fe9d1c16fc2369693a962be862d499f98a6b44118b3d5
                                                                                  • Instruction Fuzzy Hash: 098117B5A00606AFD750CF6CC884A99B7F4FF48318B158969E958DB701E331F9A2CF94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8042EB, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 90stringCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 92%
                                                                                  			E6D8042EB(void* __ecx) {
				int _v8;
				void* _v12;
				void* _t25;
				void* _t29;
				int _t32;
				int _t35;
				intOrPtr _t37;
				char* _t40;
				intOrPtr _t42;
				int _t45;
				intOrPtr _t46;
				intOrPtr _t49;
				void* _t52;
				void* _t54;
				void* _t55;

				_push(__ecx);
				_push(__ecx);
				_t37 =  *((intOrPtr*)(__ecx + 0x18));
				_t52 = 0;
				E6D81E9C0(3, _t37, 0, 0,  &_v12);
				_t49 = _v12;
				_t42 =  *((intOrPtr*)(_t49 + 0x78));
				if(_t42 != 0) {
					if( *((intOrPtr*)(_t49 + 0x7c)) <= 0) {
						goto L1;
					}
					_t46 =  *((intOrPtr*)(_t49 + 0x50));
					if(_t42 >= _t46 - 0xd) {
						goto L1;
					}
					_t43 =  *((intOrPtr*)(_t42 + _t37 + 0xc));
					if( *((intOrPtr*)(_t42 + _t37 + 0xc)) > _t46 - 0xc) {
						goto L1;
					}
					_push(0xc);
					_t29 = E6D84E000(_t43 + _t37, "secserv.dll");
					_t55 = _t54 + 0xc;
					if(_t29 != 0) {
						goto L1;
					}
					_t40 = _t49 + 0x18 + ( *(_t49 + 0x14) & 0x0000ffff);
					_t45 = 1;
					_t32 = 1;
					_v12 = 1;
					_v8 = 1;
					if(0 >=  *(_t49 + 6)) {
						goto L1;
					} else {
						L9:
						while(1) {
							if(_t32 != 0) {
								_t35 = strncmp(_t40, ".txt", 5);
								_t45 = _v12;
								_t55 = _t55 + 0xc;
								_v8 = _t35;
							}
							if(_t45 != 0) {
								_t45 = strncmp(_t40, ".txt2", 6);
								_t55 = _t55 + 0xc;
								_v12 = _t45;
							}
							if(_v8 != 0 || _t45 != 0) {
								_t40 =  &(_t40[0x28]);
								_t52 = _t52 + 1;
								if(_t52 >= ( *(_t49 + 6) & 0x0000ffff)) {
									goto L1;
								}
								_t32 = _v8;
								continue;
							} else {
								_t25 = 1;
								L2:
								return _t25;
							}
						}
					}
				}
				L1:
				_t25 = 0;
				goto L2;
			}


















                                                                                  0x6d8042f0
                                                                                  0x6d8042f1
                                                                                  0x6d8042f3
                                                                                  0x6d8042fc
                                                                                  0x6d804303
                                                                                  0x6d804308
                                                                                  0x6d80430b
                                                                                  0x6d804310
                                                                                  0x6d80431e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d804320
                                                                                  0x6d804328
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d80432a
                                                                                  0x6d804333
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d804335
                                                                                  0x6d804340
                                                                                  0x6d804345
                                                                                  0x6d80434a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8606b7
                                                                                  0x6d8606bd
                                                                                  0x6d8606be
                                                                                  0x6d8606bf
                                                                                  0x6d8606c4
                                                                                  0x6d8606cb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8606d1
                                                                                  0x6d8606d3
                                                                                  0x6d8606dd
                                                                                  0x6d8606e2
                                                                                  0x6d8606e5
                                                                                  0x6d8606e8
                                                                                  0x6d8606e8
                                                                                  0x6d8606ed
                                                                                  0x6d8606fc
                                                                                  0x6d8606fe
                                                                                  0x6d860701
                                                                                  0x6d860701
                                                                                  0x6d860708
                                                                                  0x6d860719
                                                                                  0x6d86071c
                                                                                  0x6d86071f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d860725
                                                                                  0x00000000
                                                                                  0x6d86070e
                                                                                  0x6d86070e
                                                                                  0x6d804314
                                                                                  0x6d80431a
                                                                                  0x6d80431a
                                                                                  0x6d860708
                                                                                  0x6d8606d1
                                                                                  0x6d8606cb
                                                                                  0x6d804312
                                                                                  0x6d804312
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlImageNtHeaderEx.BCCB(00000003,?,00000000,00000000,?,?,?,00000000,?,?,?,6D804176,00000003,?,00000000,00000000), ref: 6D804303
                                                                                  • _strnicmp.BCCB(?,secserv.dll,0000000C,00000003,?,00000000,00000000,?,?,?,00000000,?,?,?,6D804176,00000003), ref: 6D804340
                                                                                  • strncmp.BCCB(?,.txt,00000005), ref: 6D8606DD
                                                                                  • strncmp.BCCB(?,.txt2,00000006), ref: 6D8606F7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: strncmp$HeaderImage_strnicmp
                                                                                  • String ID: .txt$.txt2$secserv.dll
                                                                                  • API String ID: 290936131-436433099
                                                                                  • Opcode ID: 91593c57ddb7fc3036acfffa7bbd615ef62177a4c1fc55af186a488234d9fc97
                                                                                  • Instruction ID: 4597ca31fce40aec7e843c21e3e7433b8952da31431a2190072be324eee5f986
                                                                                  • Opcode Fuzzy Hash: 91593c57ddb7fc3036acfffa7bbd615ef62177a4c1fc55af186a488234d9fc97
                                                                                  • Instruction Fuzzy Hash: 1121E470A4420BABDB04CE5A8C88EBBB77DBB84759F114968E506D7141F330AA51DBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8041F7, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 77stringCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E6D8041F7(intOrPtr __ecx) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				int _t26;
				int _t31;
				int _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				void* _t37;
				intOrPtr _t39;
				void* _t40;
				char* _t42;
				void* _t43;
				int _t49;

				_t33 = __ecx;
				_v12 = __ecx;
				E6D81E9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v8);
				_t40 = 0;
				_t34 = _v8;
				_v16 =  *((intOrPtr*)(_t33 + 0x1c));
				_t42 = _t34 + 0x18 + ( *(_t34 + 0x14) & 0x0000ffff);
				if(0 >=  *(_t34 + 6)) {
					L8:
					return 0;
				} else {
					goto L1;
				}
				do {
					L1:
					if(_t42[0xc] != 0 && _t42[8] != 0) {
						_t26 = strncmp(_t42, ".aspack", 8);
						_t43 = _t43 + 0xc;
						if(_t26 == 0) {
							L11:
							_t39 = _v16;
							_t37 = _t42[0xc] +  *((intOrPtr*)(_v12 + 0x18));
							if(_t39 >= _t37 && _t39 <= _t42[8] + _t37) {
								L6:
								if(_t49 == 0) {
									return 1;
								}
							}
							goto L7;
						}
						_t31 = strncmp(_t42, ".pcle", 6);
						_t43 = _t43 + 0xc;
						if(_t31 == 0) {
							goto L11;
						}
						_t32 = strncmp(_t42, ".sforce", 8);
						_t43 = _t43 + 0xc;
						_t49 = _t32;
						goto L6;
					}
					L7:
					_t40 = _t40 + 1;
					_t42 =  &(_t42[0x28]);
				} while (_t40 < ( *(_t34 + 6) & 0x0000ffff));
				goto L8;
			}

















                                                                                  0x6d804205
                                                                                  0x6d80420f
                                                                                  0x6d804214
                                                                                  0x6d80421c
                                                                                  0x6d80421e
                                                                                  0x6d804221
                                                                                  0x6d80422b
                                                                                  0x6d804233
                                                                                  0x6d804291
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d804235
                                                                                  0x6d804235
                                                                                  0x6d804239
                                                                                  0x6d804249
                                                                                  0x6d80424e
                                                                                  0x6d804253
                                                                                  0x6d86064c
                                                                                  0x6d860652
                                                                                  0x6d860655
                                                                                  0x6d86065a
                                                                                  0x6d804283
                                                                                  0x6d804283
                                                                                  0x00000000
                                                                                  0x6d80429a
                                                                                  0x6d804283
                                                                                  0x00000000
                                                                                  0x6d86065a
                                                                                  0x6d804261
                                                                                  0x6d804266
                                                                                  0x6d80426b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d804279
                                                                                  0x6d80427e
                                                                                  0x6d804281
                                                                                  0x00000000
                                                                                  0x6d804281
                                                                                  0x6d804285
                                                                                  0x6d804289
                                                                                  0x6d80428a
                                                                                  0x6d80428d
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlImageNtHeaderEx.BCCB(00000003,?,00000000,00000000,?,?,?,00000000), ref: 6D804214
                                                                                  • strncmp.BCCB(?,.aspack,00000008,00000003,?,00000000,00000000,?,?,?,00000000), ref: 6D804249
                                                                                  • strncmp.BCCB(?,.pcle,00000006,?,?,00000000), ref: 6D804261
                                                                                  • strncmp.BCCB(?,.sforce,00000008,?,?,?,?,?,00000000), ref: 6D804279
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: strncmp$HeaderImage
                                                                                  • String ID: .aspack$.pcle$.sforce
                                                                                  • API String ID: 3137002299-3067156003
                                                                                  • Opcode ID: 6ba7659bd725853009cf6c1d8a3c320024736f5d9d47f168d8f61c491bde98b9
                                                                                  • Instruction ID: a03d6d20f17a188bd2c64217a6755080612f327814c958da983d637ac92ab913
                                                                                  • Opcode Fuzzy Hash: 6ba7659bd725853009cf6c1d8a3c320024736f5d9d47f168d8f61c491bde98b9
                                                                                  • Instruction Fuzzy Hash: 57210B31B4130167E7108F9ADC85F6F73BDAF98358F008855ED0496246E730DD95CAA6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D81EC7F, Relevance: 12.3, APIs: 8, Instructions: 256memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 86%
                                                                                  			E6D81EC7F(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t65;
				intOrPtr* _t67;
				intOrPtr _t69;
				intOrPtr _t72;
				intOrPtr _t73;
				void* _t75;
				intOrPtr _t76;
				signed int _t77;
				void* _t78;
				intOrPtr _t80;
				signed int _t81;
				void* _t83;
				void* _t85;
				intOrPtr _t90;
				void* _t91;
				void* _t96;
				void _t99;
				intOrPtr* _t104;
				intOrPtr* _t106;
				unsigned int _t112;
				unsigned int _t114;
				intOrPtr* _t115;
				void* _t118;
				intOrPtr _t120;
				unsigned int _t122;
				unsigned int _t124;
				intOrPtr* _t125;
				intOrPtr* _t129;
				intOrPtr* _t134;
				intOrPtr* _t136;
				void* _t138;
				signed int* _t140;
				void* _t141;
				void* _t143;
				void* _t146;
				intOrPtr _t148;
				void* _t149;
				void* _t151;
				void* _t153;

				_push(_t96);
				_t146 = __ecx;
				_push(_t138);
				_t65 =  *(__ecx + 0x50);
				if( *((intOrPtr*)(_t65 + 0xc)) == 0xffffffff) {
					L3:
					return _t65;
				} else {
					_t65 =  *_t65;
					if(( *(_t65 - 0x20) & 0x00000020) != 0) {
						goto L3;
					} else {
						_t65 = _t65 | 0xffffffff;
						asm("lock xadd [esi+0x9c], eax");
						if(_t65 == 0) {
							E6D822280(_t65, 0x6d8f84d8);
							_t67 = _t146 + 0x54;
							_t120 =  *_t67;
							if( *((intOrPtr*)(_t120 + 4)) != _t67) {
								L15:
								_push(3);
								asm("int 0x29");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(0x30);
								_push(0x6d8dfb78);
								E6D85D08C(_t96, _t138, _t146);
								_t148 =  *((intOrPtr*)(_t153 + 8));
								if(_t148 == 0) {
									L59:
									_t69 = 0xc000000d;
								} else {
									_t140 =  *(_t153 + 0x14);
									if(_t140 == 0) {
										goto L59;
									} else {
										 *((intOrPtr*)(_t153 - 4)) = 0;
										if( *((intOrPtr*)(_t153 + 0xc)) >= 0x10000) {
											_t122 =  *(_t148 + 0x58) >> 1;
											 *(_t153 - 0x20) = _t122;
											_t104 =  *((intOrPtr*)(_t148 + 0x54)) + _t148;
											 *((intOrPtr*)(_t153 - 0x1c)) = _t104;
											if(_t104 <= 0x10000) {
												L37:
												if( *_t104 == 0) {
													goto L54;
												} else {
													_t72 = 1;
													if(_t122 <= 0) {
														goto L54;
													}
												}
											} else {
												while(_t122 > 0) {
													if( *_t104 == 0) {
														L54:
														_t72 = 0;
													} else {
														_t78 = E6D84E490( *((intOrPtr*)(_t153 + 0xc)), _t104);
														_t104 =  *((intOrPtr*)(_t153 - 0x1c));
														if(_t78 != 0) {
															_t129 = _t104;
															_t54 = _t129 + 2; // 0x22
															 *((intOrPtr*)(_t153 - 0x2c)) = _t54;
															do {
																_t80 =  *_t129;
																_t129 = _t129 + 2;
															} while (_t80 != 0);
															_t81 = (_t129 -  *((intOrPtr*)(_t153 - 0x2c)) >> 1) + 1;
															_t104 = _t104 + _t81 * 2;
															 *((intOrPtr*)(_t153 - 0x1c)) = _t104;
															_t122 =  *(_t153 - 0x20) - _t81;
															 *(_t153 - 0x20) = _t122;
															continue;
														} else {
															_t122 =  *(_t153 - 0x20);
															goto L37;
														}
													}
													goto L39;
												}
												goto L37;
											}
											L39:
											if(_t72 == 0) {
												 *_t140 =  *_t140 | 0x00040000;
											}
											_t124 =  *(_t148 + 0x68) >> 1;
											 *(_t153 - 0x28) = _t124;
											_t106 =  *((intOrPtr*)(_t148 + 0x64)) + _t148;
											 *((intOrPtr*)(_t153 - 0x24)) = _t106;
											if(_t106 <= 0x10000) {
												L56:
												if( *_t106 == 0 || _t124 <= 0) {
													goto L29;
												} else {
													_t73 = 1;
												}
											} else {
												while(_t124 > 0) {
													if( *_t106 == 0) {
														L29:
														_t73 = 0;
													} else {
														_t75 = E6D84E490( *((intOrPtr*)(_t153 + 0xc)), _t106);
														_t106 =  *((intOrPtr*)(_t153 - 0x24));
														if(_t75 == 0) {
															_t124 =  *(_t153 - 0x28);
															goto L56;
														} else {
															_t125 = _t106;
															_t47 = _t125 + 2; // 0xc00000e7
															_t149 = _t47;
															do {
																_t76 =  *_t125;
																_t125 = _t125 + 2;
															} while (_t76 != 0);
															_t48 = (_t125 - _t149 >> 1) + 1; // 0xc00000e4
															_t77 = _t48;
															_t106 = _t106 + _t77 * 2;
															 *((intOrPtr*)(_t153 - 0x24)) = _t106;
															_t124 =  *(_t153 - 0x28) - _t77;
															 *(_t153 - 0x28) = _t124;
															continue;
														}
													}
													goto L30;
												}
												goto L56;
											}
											L30:
											if(_t73 != 0) {
												goto L27;
											} else {
												goto L31;
											}
											goto L62;
										} else {
											_t112 =  *(_t148 + 0x60) >> 2;
											 *(_t153 - 0x30) = _t112;
											_t134 =  *((intOrPtr*)(_t148 + 0x5c)) + _t148;
											 *((intOrPtr*)(_t153 - 0x34)) = _t134;
											while(1) {
												_t112 = _t112 - 1;
												 *(_t153 - 0x30) = _t112;
												if(_t112 < 0) {
													break;
												}
												_t85 =  *((intOrPtr*)(_t153 + 0xc)) -  *_t134;
												_t134 = _t134 + 4;
												 *((intOrPtr*)(_t153 - 0x34)) = _t134;
												if(_t85 != 0) {
													continue;
												}
												break;
											}
											if(_t112 < 0) {
												 *_t140 =  *_t140 | 0x00040000;
											}
											_t114 =  *(_t148 + 0x70) >> 2;
											 *(_t153 - 0x38) = _t114;
											_t136 =  *((intOrPtr*)(_t148 + 0x6c)) + _t148;
											 *((intOrPtr*)(_t153 - 0x3c)) = _t136;
											while(1) {
												_t114 = _t114 - 1;
												 *(_t153 - 0x38) = _t114;
												if(_t114 < 0) {
													break;
												}
												_t83 =  *((intOrPtr*)(_t153 + 0xc)) -  *_t136;
												_t136 = _t136 + 4;
												 *((intOrPtr*)(_t153 - 0x3c)) = _t136;
												if(_t83 != 0) {
													continue;
												}
												break;
											}
											if(_t114 < 0) {
												L31:
												 *_t140 =  *_t140 | 0x00020000;
											}
										}
										L27:
										 *((intOrPtr*)(_t153 - 4)) = 0xfffffffe;
										_t69 = 0;
									}
								}
								return E6D85D0D1(_t69);
							} else {
								_t115 =  *((intOrPtr*)(_t67 + 4));
								if( *_t115 != _t67) {
									goto L15;
								} else {
									 *_t115 = _t120;
									 *((intOrPtr*)(_t120 + 4)) = _t115;
									_t141 =  *(_t146 + 0x50);
									_t99 =  *_t141;
									E6D81FFB0(_t99, _t141, 0x6d8f84d8);
									if( *((intOrPtr*)(_t146 + 0x3a)) != 0) {
										E6D8437F5(_t146, 0);
									}
									E6D840413(_t146);
									_t90 =  *((intOrPtr*)(_t146 + 0x48));
									if(_t90 != 0) {
										if(_t90 != 0xffffffff) {
											E6D839B10(_t90);
										}
									}
									if( *((intOrPtr*)(_t146 + 0x28)) != 0) {
										E6D8302D6(_t146 + 0x24);
									}
									_t65 = RtlFreeHeap( *0x6d8f7b98, 0, _t146);
									if(_t99 != _t141) {
										goto L3;
									} else {
										_t118 = _t141;
										_pop(_t142);
										_pop(_t150);
										_t143 = _t118;
										_t91 =  *(_t143 + 8);
										if(_t91 != 0) {
											do {
												_t151 =  *_t91;
												RtlFreeHeap( *0x6d8f7b98, 0, _t91);
												_t91 = _t151;
											} while (_t151 != 0);
										}
										return RtlFreeHeap( *0x6d8f7b98, 0, _t143);
									}
								}
							}
						} else {
							goto L3;
						}
					}
				}
				L62:
			}













































                                                                                  0x6d81ec81
                                                                                  0x6d81ec83
                                                                                  0x6d81ec85
                                                                                  0x6d81ec86
                                                                                  0x6d81ec8d
                                                                                  0x6d81eca4
                                                                                  0x6d81eca7
                                                                                  0x6d81ec8f
                                                                                  0x6d81ec8f
                                                                                  0x6d81ec95
                                                                                  0x00000000
                                                                                  0x6d81ec97
                                                                                  0x6d81ec97
                                                                                  0x6d81ec9a
                                                                                  0x6d81eca2
                                                                                  0x6d81ecad
                                                                                  0x6d81ecb2
                                                                                  0x6d81ecb5
                                                                                  0x6d81ecba
                                                                                  0x6d81ed2f
                                                                                  0x6d81ed2f
                                                                                  0x6d81ed32
                                                                                  0x6d81ed34
                                                                                  0x6d81ed35
                                                                                  0x6d81ed36
                                                                                  0x6d81ed37
                                                                                  0x6d81ed38
                                                                                  0x6d81ed39
                                                                                  0x6d81ed3a
                                                                                  0x6d81ed3b
                                                                                  0x6d81ed3c
                                                                                  0x6d81ed3d
                                                                                  0x6d81ed3e
                                                                                  0x6d81ed3f
                                                                                  0x6d81ed40
                                                                                  0x6d81ed42
                                                                                  0x6d81ed47
                                                                                  0x6d81ed4e
                                                                                  0x6d81ed53
                                                                                  0x6d86baf2
                                                                                  0x6d86baf2
                                                                                  0x6d81ed59
                                                                                  0x6d81ed59
                                                                                  0x6d81ed5e
                                                                                  0x00000000
                                                                                  0x6d81ed64
                                                                                  0x6d81ed64
                                                                                  0x6d81ed6f
                                                                                  0x6d81edf1
                                                                                  0x6d81edf3
                                                                                  0x6d81edf9
                                                                                  0x6d81edfb
                                                                                  0x6d81ee00
                                                                                  0x6d81ee28
                                                                                  0x6d81ee2b
                                                                                  0x00000000
                                                                                  0x6d81ee31
                                                                                  0x6d81ee33
                                                                                  0x6d81ee35
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81ee35
                                                                                  0x6d81ee02
                                                                                  0x6d81ee02
                                                                                  0x6d81ee09
                                                                                  0x6d86baae
                                                                                  0x6d86baae
                                                                                  0x6d81ee0f
                                                                                  0x6d81ee13
                                                                                  0x6d81ee1a
                                                                                  0x6d81ee1f
                                                                                  0x6d81eea9
                                                                                  0x6d81eeab
                                                                                  0x6d81eeae
                                                                                  0x6d81eeb1
                                                                                  0x6d81eeb1
                                                                                  0x6d81eeb4
                                                                                  0x6d81eeb7
                                                                                  0x6d81eec1
                                                                                  0x6d81eec4
                                                                                  0x6d81eec7
                                                                                  0x6d81eecd
                                                                                  0x6d81eecf
                                                                                  0x00000000
                                                                                  0x6d81ee25
                                                                                  0x6d81ee25
                                                                                  0x00000000
                                                                                  0x6d81ee25
                                                                                  0x6d81ee1f
                                                                                  0x00000000
                                                                                  0x6d81ee09
                                                                                  0x00000000
                                                                                  0x6d81ee02
                                                                                  0x6d81ee3b
                                                                                  0x6d81ee3d
                                                                                  0x6d86bab5
                                                                                  0x6d86bab5
                                                                                  0x6d81ee46
                                                                                  0x6d81ee48
                                                                                  0x6d81ee4e
                                                                                  0x6d81ee50
                                                                                  0x6d81ee59
                                                                                  0x6d86bac0
                                                                                  0x6d86bac3
                                                                                  0x00000000
                                                                                  0x6d86bad1
                                                                                  0x6d86bad3
                                                                                  0x6d86bad3
                                                                                  0x6d81ee5f
                                                                                  0x6d81ee5f
                                                                                  0x6d81ee6a
                                                                                  0x6d81ede0
                                                                                  0x6d81ede0
                                                                                  0x6d81ee70
                                                                                  0x6d81ee74
                                                                                  0x6d81ee7b
                                                                                  0x6d81ee80
                                                                                  0x6d81eed7
                                                                                  0x00000000
                                                                                  0x6d81ee82
                                                                                  0x6d81ee82
                                                                                  0x6d81ee84
                                                                                  0x6d81ee84
                                                                                  0x6d81ee87
                                                                                  0x6d81ee87
                                                                                  0x6d81ee8a
                                                                                  0x6d81ee8d
                                                                                  0x6d81ee96
                                                                                  0x6d81ee96
                                                                                  0x6d81ee99
                                                                                  0x6d81ee9c
                                                                                  0x6d81eea2
                                                                                  0x6d81eea4
                                                                                  0x00000000
                                                                                  0x6d81eea4
                                                                                  0x6d81ee80
                                                                                  0x00000000
                                                                                  0x6d81ee6a
                                                                                  0x00000000
                                                                                  0x6d81ee5f
                                                                                  0x6d81ede2
                                                                                  0x6d81ede4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81ed71
                                                                                  0x6d81ed74
                                                                                  0x6d81ed77
                                                                                  0x6d81ed7d
                                                                                  0x6d81ed7f
                                                                                  0x6d81ed82
                                                                                  0x6d81ed82
                                                                                  0x6d81ed85
                                                                                  0x6d81ed88
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81ed8d
                                                                                  0x6d81ed8f
                                                                                  0x6d81ed92
                                                                                  0x6d81ed97
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81ed97
                                                                                  0x6d81ed9b
                                                                                  0x6d81ed9d
                                                                                  0x6d81ed9d
                                                                                  0x6d81eda6
                                                                                  0x6d81eda9
                                                                                  0x6d81edaf
                                                                                  0x6d81edb1
                                                                                  0x6d81edb4
                                                                                  0x6d81edb4
                                                                                  0x6d81edb7
                                                                                  0x6d81edba
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81edbf
                                                                                  0x6d81edc1
                                                                                  0x6d81edc4
                                                                                  0x6d81edc9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81edc9
                                                                                  0x6d81edcd
                                                                                  0x6d81ede6
                                                                                  0x6d81ede6
                                                                                  0x6d81ede6
                                                                                  0x6d81edcd
                                                                                  0x6d81edcf
                                                                                  0x6d81edcf
                                                                                  0x6d81edd6
                                                                                  0x6d81edd6
                                                                                  0x6d81ed5e
                                                                                  0x6d81eddd
                                                                                  0x6d81ecbc
                                                                                  0x6d81ecbc
                                                                                  0x6d81ecc1
                                                                                  0x00000000
                                                                                  0x6d81ecc3
                                                                                  0x6d81ecc3
                                                                                  0x6d81ecc5
                                                                                  0x6d81ecc8
                                                                                  0x6d81ecd0
                                                                                  0x6d81ecd2
                                                                                  0x6d81ecdd
                                                                                  0x6d81ed1b
                                                                                  0x6d81ed1b
                                                                                  0x6d81ece1
                                                                                  0x6d81ece6
                                                                                  0x6d81eceb
                                                                                  0x6d81ed25
                                                                                  0x6d81ed28
                                                                                  0x6d81ed28
                                                                                  0x6d81ed25
                                                                                  0x6d81ecf1
                                                                                  0x6d81ecf6
                                                                                  0x6d81ecf6
                                                                                  0x6d81ed04
                                                                                  0x6d81ed0b
                                                                                  0x00000000
                                                                                  0x6d81ed0d
                                                                                  0x6d81ed0d
                                                                                  0x6d81ed0f
                                                                                  0x6d81ed10
                                                                                  0x6d83c27a
                                                                                  0x6d83c27c
                                                                                  0x6d83c281
                                                                                  0x6d87a692
                                                                                  0x6d87a692
                                                                                  0x6d87a69d
                                                                                  0x6d87a6a2
                                                                                  0x6d87a6a4
                                                                                  0x6d87a6a8
                                                                                  0x6d83c292
                                                                                  0x6d83c292
                                                                                  0x6d81ed0b
                                                                                  0x6d81ecc1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81eca2
                                                                                  0x6d81ec95
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F84D8,6D8517F0,00000000,?,6D82F715,6D82F5C0,?,?,?,00000001,-00000F38), ref: 6D81ECAD
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F84D8,6D8F84D8,6D8517F0,00000000,?,6D82F715,6D82F5C0,?,?,?,00000001,-00000F38), ref: 6D81ECD2
                                                                                  • RtlFreeHeap.BCCB(00000000,?,6D8F84D8,6D8F84D8,6D8517F0,00000000,?,6D82F715,6D82F5C0,?,?,?,00000001,-00000F38), ref: 6D81ED04
                                                                                  • RtlReleaseActivationContext.BCCB(-00000F38,6D8F84D8,6D8F84D8,6D8517F0,00000000,?,6D82F715,6D82F5C0,?,?,?,00000001,-00000F38), ref: 6D81ED28
                                                                                  • _wcsicmp.BCCB(6D8DFE98,?,6D8DFB78,00000030,6D8F84D8,6D8517F0,00000000,?,6D82F715,6D82F5C0,?,?,?,00000001,-00000F38), ref: 6D81EE13
                                                                                  • _wcsicmp.BCCB(6D8DFE98,?,6D8DFB78,00000030,6D8F84D8,6D8517F0,00000000,?,6D82F715,6D82F5C0,?,?,?,00000001,-00000F38), ref: 6D81EE74
                                                                                  • RtlFreeHeap.BCCB(00000000,?,6D8517F0,6D82F715,6D82F5C0,?,?,?,00000001,-00000F38), ref: 6D83C28C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveFreeHeapLockRelease_wcsicmp$AcquireActivationContext
                                                                                  • String ID:
                                                                                  • API String ID: 176173115-0
                                                                                  • Opcode ID: 96b8e561abc1fada6c36d665b1ceac7e031e146e4c7da6b979bd3e26745058db
                                                                                  • Instruction ID: c62c192a2403ff3dda466d7507cc3336852039714a6884208e359ecec9eb1e6b
                                                                                  • Opcode Fuzzy Hash: 96b8e561abc1fada6c36d665b1ceac7e031e146e4c7da6b979bd3e26745058db
                                                                                  • Instruction Fuzzy Hash: A381D430A082078FCB16CF6DCC48AAAB7B2BF85318B14CD2DF555EB690E730A845CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D81F820, Relevance: 12.1, APIs: 8, Instructions: 137COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 94%
                                                                                  			E6D81F820(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed int* _a20) {
				intOrPtr _v16;
				signed int _v20;
				char _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* _t37;
				signed int _t55;
				signed int _t56;
				signed int* _t62;
				signed int _t64;
				signed int* _t72;
				signed int _t76;
				void* _t78;
				signed int _t80;
				void* _t82;
				void* _t83;

				_t82 = (_t80 & 0xfffffff8) - 0x14;
				_t74 = _a4;
				if(_a4 == 0) {
					L22:
					_t78 = 0x57;
					goto L16;
				} else {
					_t62 = _a20;
					if(_t62 == 0) {
						goto L22;
					} else {
						_t37 = E6D84F380(_t74, 0x6d7e5138, 0x10);
						_t83 = _t82 + 0xc;
						if(_t37 == 0) {
							if( *0x6d8f60d8 == 0) {
								goto L3;
							} else {
								_push(0x57);
								goto L25;
							}
						} else {
							L3:
							_t71 = _a12;
							 *_t62 =  *_t62 & 0x00000000;
							_t78 = 0;
							_t62[1] = _t62[1] & 0x00000000;
							_t76 = E6D83BC2C(_t74, _a12, _a16, _a8);
							if(_t76 == 0) {
								_push("true");
								L25:
								_pop(_t78);
								goto L23;
							} else {
								_t8 = _t76 + 0x24; // 0x24
								_t63 = _t8;
								E6D822280(_t38, _t8);
								 *(_t76 + 0x2c) =  *( *[fs:0x18] + 0x24);
								if(_a8 == 0xa) {
									L6:
									_t14 = _t76 + 0xc; // 0xc
									 *((intOrPtr*)(_t83 + 0x18)) = _t14;
									 *((short*)(_t83 + 0x20)) =  *(_t76 + 0x34);
									E6D822280( *(_t76 + 0x34), 0x6d8f86ac);
									_t64 =  *0x6d8f86dc;
									_v20 =  *0x6d8f86e0 & 1;
									_v24 = 0;
									if(_t64 != 0) {
										L7:
										while(1) {
											if(E6D81F99D(_t83 + 0x1c, _t64) >= 0) {
												_t55 =  *(_t64 + 4);
												if(_v16 != 0) {
													if(_t55 == 0) {
														goto L13;
													} else {
														_t55 = _t55 ^ _t64;
														goto L12;
													}
													goto L17;
												} else {
													L12:
													if(_t55 != 0) {
														goto L10;
													} else {
														L13:
														_v20 = 1;
													}
												}
											} else {
												_t56 =  *_t64;
												if(_v16 != 0) {
													if(_t56 == 0) {
														goto L14;
													} else {
														_t55 = _t56 ^ _t64;
														goto L9;
													}
													goto L17;
												} else {
													L9:
													if(_t55 == 0) {
														L14:
														_v20 = 0;
													} else {
														L10:
														_t64 = _t55;
														continue;
													}
												}
											}
											goto L15;
										}
									}
									L15:
									E6D81B090(0x6d8f86dc, _t64, _v20, _t76);
									E6D81FFB0(_t64, _t76, 0x6d8f86ac);
									E6D83F296(_t76, _t71);
									 *(_t76 + 0x2c) =  *(_t76 + 0x2c) & 0x00000000;
									_t29 = _t76 + 0x24; // 0x24
									E6D81FFB0(_t64, _t76, _t29);
									asm("cdq");
									_t72 = _a20;
									 *_t72 = _t76;
									_t72[1] =  *(_t76 + 0x34) & 0x0000ffff;
								} else {
									_t71 = _a12;
									_t78 = E6D834D3B(_t76, _a12, _a8);
									if(_t78 != 0) {
										 *(_t76 + 0x2c) =  *(_t76 + 0x2c) & 0x00000000;
										E6D81FFB0(_t63, _t76, _t63);
										E6D80F871(_t63);
									} else {
										goto L6;
									}
								}
								L16:
								if(_t78 != 0) {
									L23:
									E6D80CC50(_t78);
								}
							}
						}
					}
				}
				L17:
				return _t78;
			}





















                                                                                  0x6d81f828
                                                                                  0x6d81f82e
                                                                                  0x6d81f833
                                                                                  0x6d81f990
                                                                                  0x6d81f992
                                                                                  0x00000000
                                                                                  0x6d81f839
                                                                                  0x6d81f839
                                                                                  0x6d81f83e
                                                                                  0x00000000
                                                                                  0x6d81f844
                                                                                  0x6d81f84c
                                                                                  0x6d81f851
                                                                                  0x6d81f856
                                                                                  0x6d81f97b
                                                                                  0x00000000
                                                                                  0x6d81f981
                                                                                  0x6d81f981
                                                                                  0x00000000
                                                                                  0x6d81f981
                                                                                  0x6d81f85c
                                                                                  0x6d81f85c
                                                                                  0x6d81f85f
                                                                                  0x6d81f867
                                                                                  0x6d81f86a
                                                                                  0x6d81f86c
                                                                                  0x6d81f875
                                                                                  0x6d81f879
                                                                                  0x6d86bd6b
                                                                                  0x6d86bd6d
                                                                                  0x6d86bd6d
                                                                                  0x00000000
                                                                                  0x6d81f87f
                                                                                  0x6d81f87f
                                                                                  0x6d81f87f
                                                                                  0x6d81f883
                                                                                  0x6d81f895
                                                                                  0x6d81f898
                                                                                  0x6d81f8b1
                                                                                  0x6d81f8b1
                                                                                  0x6d81f8b4
                                                                                  0x6d81f8c1
                                                                                  0x6d81f8c6
                                                                                  0x6d81f8d2
                                                                                  0x6d81f8db
                                                                                  0x6d81f8df
                                                                                  0x6d81f8e6
                                                                                  0x00000000
                                                                                  0x6d81f8e8
                                                                                  0x6d81f8f5
                                                                                  0x6d81f911
                                                                                  0x6d81f914
                                                                                  0x6d81f98a
                                                                                  0x00000000
                                                                                  0x6d81f98c
                                                                                  0x6d81f98c
                                                                                  0x00000000
                                                                                  0x6d81f98c
                                                                                  0x00000000
                                                                                  0x6d81f916
                                                                                  0x6d81f916
                                                                                  0x6d81f918
                                                                                  0x00000000
                                                                                  0x6d81f91a
                                                                                  0x6d81f91a
                                                                                  0x6d81f91a
                                                                                  0x6d81f91a
                                                                                  0x6d81f918
                                                                                  0x6d81f8f7
                                                                                  0x6d81f8fc
                                                                                  0x6d81f8fe
                                                                                  0x6d86bd8b
                                                                                  0x00000000
                                                                                  0x6d86bd91
                                                                                  0x6d86bd91
                                                                                  0x00000000
                                                                                  0x6d86bd91
                                                                                  0x00000000
                                                                                  0x6d81f904
                                                                                  0x6d81f904
                                                                                  0x6d81f906
                                                                                  0x6d81f921
                                                                                  0x6d81f921
                                                                                  0x6d81f908
                                                                                  0x6d81f908
                                                                                  0x6d81f908
                                                                                  0x00000000
                                                                                  0x6d81f908
                                                                                  0x6d81f906
                                                                                  0x6d81f8fe
                                                                                  0x00000000
                                                                                  0x6d81f8f5
                                                                                  0x6d81f8e8
                                                                                  0x6d81f926
                                                                                  0x6d81f931
                                                                                  0x6d81f93b
                                                                                  0x6d81f942
                                                                                  0x6d81f947
                                                                                  0x6d81f94b
                                                                                  0x6d81f94f
                                                                                  0x6d81f95a
                                                                                  0x6d81f95d
                                                                                  0x6d81f960
                                                                                  0x6d81f962
                                                                                  0x6d81f89a
                                                                                  0x6d81f89d
                                                                                  0x6d81f8a7
                                                                                  0x6d81f8ab
                                                                                  0x6d86bd73
                                                                                  0x6d86bd78
                                                                                  0x6d86bd7f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d81f8ab
                                                                                  0x6d81f965
                                                                                  0x6d81f967
                                                                                  0x6d81f995
                                                                                  0x6d81f996
                                                                                  0x6d81f996
                                                                                  0x6d81f967
                                                                                  0x6d81f879
                                                                                  0x6d81f856
                                                                                  0x6d81f83e
                                                                                  0x6d81f969
                                                                                  0x6d81f971

                                                                                  APIs
                                                                                  • memcmp.BCCB(?,6D7E5138,00000010,?,00000000,00000000,6D7EC318), ref: 6D81F84C
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(00000024,6D7EC318,00000000,?,00000000,00000000,6D7EC318), ref: 6D81F883
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F86AC,00000024,6D7EC318,00000000,?,00000000,00000000,6D7EC318), ref: 6D81F8C6
                                                                                    • Part of subcall function 6D834D3B: memset.BCCB(?,00000000,000000A0,00000000,00000000,00000024), ref: 6D834D77
                                                                                    • Part of subcall function 6D834D3B: RtlRunOnceExecuteOnce.BCCB(6D8F86B0,6D835690,00000000,00000000,00000000,00000000,00000024), ref: 6D834D9E
                                                                                    • Part of subcall function 6D834D3B: ZwTraceControl.BCCB(0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6D834DE9
                                                                                    • Part of subcall function 6D834D3B: memcmp.BCCB(?,6D7E5138,00000010,0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6D834E26
                                                                                  • RtlRbInsertNodeEx.BCCB(6D8F86DC,?,00000000,00000000), ref: 6D81F931
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F86AC,6D8F86DC,?,00000000,00000000), ref: 6D81F93B
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(00000024,6D8F86AC,6D8F86DC,?,00000000,00000000), ref: 6D81F94F
                                                                                    • Part of subcall function 6D83BC2C: RtlAcquireSRWLockExclusive.BCCB(?,?,00000000,00000000,6D81F875,6D7EC318,00000000,?,00000000,00000000,6D7EC318), ref: 6D83BC79
                                                                                    • Part of subcall function 6D83BC2C: RtlReleaseSRWLockExclusive.BCCB(?,?,?,00000000,00000000,6D81F875,6D7EC318,00000000,?,00000000,00000000,6D7EC318), ref: 6D83BC8D
                                                                                    • Part of subcall function 6D83BC2C: RtlAllocateHeap.BCCB(?,00000008,000000D0,?,?,?,00000000,00000000,6D81F875,6D7EC318,00000000,?,00000000,00000000,6D7EC318), ref: 6D83BCA6
                                                                                  • RtlSetLastWin32Error.BCCB(00000057,?,00000000,00000000,6D7EC318), ref: 6D81F996
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(00000024,0000000A,00000024,6D7EC318,00000000,?,00000000,00000000,6D7EC318), ref: 6D86BD78
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$Acquire$Oncememcmp$AllocateControlErrorExecuteHeapInsertLastNodeTraceWin32memset
                                                                                  • String ID:
                                                                                  • API String ID: 3014906823-0
                                                                                  • Opcode ID: f18e2a35395d17b9329f556e9bdae25de622e94e9776c27a8e89e44433e1dc0d
                                                                                  • Instruction ID: a0e234a0d2b99d2c49df191c8120a8960dc7cd5c779a1fba02726f940688092c
                                                                                  • Opcode Fuzzy Hash: f18e2a35395d17b9329f556e9bdae25de622e94e9776c27a8e89e44433e1dc0d
                                                                                  • Instruction Fuzzy Hash: 9441C1B220C707A7DB119F29DC48B7BB7A4BFA5358F014D19F9189A241DB74D408CBE2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D805C07, Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 452COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 97%
                                                                                  			E6D805C07(signed short* __ecx, signed int __edx, signed int* _a4, signed int* _a8, char _a12, char _a16, char* _a20, intOrPtr* _a24) {
				signed short* _v8;
				intOrPtr _v12;
				signed int* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr* _v36;
				signed int _v40;
				signed int* _v44;
				signed int _v48;
				signed short* _v52;
				signed short* _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int* _v76;
				void* _t155;
				signed int* _t156;
				intOrPtr* _t159;
				char _t160;
				signed int _t179;
				signed int _t181;
				char* _t182;
				void* _t183;
				signed int _t186;
				void* _t187;
				signed int _t190;
				signed int _t196;
				signed int* _t198;
				signed int _t200;
				intOrPtr _t202;
				intOrPtr _t203;
				signed int _t215;
				intOrPtr _t221;
				signed int _t222;
				signed int _t225;
				void* _t227;
				void* _t228;
				signed int* _t233;
				intOrPtr* _t234;
				signed int* _t236;
				signed short* _t239;
				void* _t249;
				void* _t250;
				signed int _t251;
				signed int _t253;
				void* _t269;
				signed int _t270;
				signed int _t272;
				void* _t273;
				void* _t274;
				signed short* _t277;
				signed short* _t280;
				intOrPtr* _t281;
				intOrPtr* _t282;
				signed int _t284;
				signed int _t287;
				signed int* _t288;
				signed int _t293;
				signed int* _t295;
				signed int* _t297;
				signed int _t299;
				signed int* _t302;
				signed int _t306;
				signed int _t309;
				signed int _t314;
				signed int _t315;
				signed short* _t317;
				void* _t318;

				_t236 = _a8;
				_v72 = __edx;
				_v52 = __ecx;
				_t299 =  *_t236;
				 *_t236 =  *_t236 & 0x00000000;
				 *_a20 = 1;
				if(__edx <= 0) {
					_t155 = 0xc0000716;
					L34:
					return _t155;
				}
				_t277 =  &(__ecx[__edx]);
				_t238 = __ecx;
				_v8 = __ecx;
				_v56 =  &(__ecx[0xffffffffffffffff]);
				_t295 = _a4;
				_t156 = _t295;
				_v16 = _t156;
				_t233 = _t156;
				_v76 = _t233;
				_v12 = _t233 + _t299 * 2;
				 *_a24 = _t233 - 2;
				if(__ecx >= _t277) {
					L35:
					_t155 = 0xc0000716;
					L33:
					goto L34;
				}
				_t302 = _t233;
				_v60 = 0x80;
				while(1) {
					_t159 = E6D805DDE(_t238, _t277, _a12);
					_t239 = _v8;
					_t234 = _t159;
					if(_t234 == _t239) {
						break;
					}
					if(_a12 != 0) {
						_t306 = _t234 - _t239;
						L7:
						if((_t277 - _t239 & 0xfffffffe) < 8) {
							L11:
							if((_v12 - _t295 & 0xfffffffe) < (_t306 & 0xfffffffe)) {
								goto L35;
							}
							_t280 = _t239;
							if(_t239 >= _t234) {
								L21:
								if(_a12 != 0 || (_t234 - _t239 & 0xfffffffe) <= 0x7e && _t295 != _v16) {
									_t277 = _v52 + _v72 * 2;
									if(_t234 == _t277) {
										L27:
										_t160 = _a12;
										if(_t160 != 0) {
											_a12 = 0;
											_v56 = _t234;
											asm("sbb ecx, ecx");
											 *_a24 = _t295 - ( ~(_t234 - _t277) & 0x00000002);
											if(_t234 == _t277 - 2) {
												goto L35;
											}
											_t160 = _a12;
										}
										_t238 = _t234 + 2;
										_t302 = _t295;
										_v8 = _t234 + 2;
										_v16 = _t302;
										if(_t234 < _t277) {
											continue;
										}
										L29:
										_t297 = _v76;
										if(_t302 == _t297 || _t160 == 0 && _t277 - _v56 >> 1 > (0 | ( *(_t277 - 2) & 0x0000ffff) == 0x0000002e) + 0xff) {
											goto L35;
										} else {
											 *_a8 = _t302 - _t297 >> 1;
											_t155 = 0;
											goto L33;
										}
									}
									if(_t295 >= _v12) {
										goto L35;
									}
									 *_t295 =  *_t234;
									_t295 =  &(_t295[0]);
									_a4 = _t295;
									goto L27;
								} else {
									goto L35;
								}
							} else {
								goto L13;
							}
							do {
								L13:
								if(_a12 != 0) {
									L17:
									_t179 =  *_t280 & 0x0000ffff;
									if(_t179 == 0 || _t179 >= 0x80) {
										goto L35;
									} else {
										goto L19;
									}
								}
								if(_a16 != 0) {
									if(E6D8B7F9F( *_t280) == 0) {
										goto L35;
									}
								}
								_t181 =  *_t280 & 0x0000ffff;
								_t249 = 0x20;
								if(_t181 < _t249) {
									goto L35;
								}
								_t250 = 0x7f;
								if(_t181 == _t250) {
									goto L35;
								}
								goto L17;
								L19:
								 *_t295 = _t179;
								_t280 =  &(_t280[1]);
								_t295 =  &(_t295[0]);
								_a4 = _t295;
							} while (_t280 < _t234);
							L20:
							_t239 = _v8;
							goto L21;
						}
						_t182 = L"xl--";
						if(_a12 == 0) {
							_t182 = L"xn--";
						}
						_t183 = E6D84E5C0(_t239, _t182, 4);
						_t239 = _v8;
						_t318 = _t318 + 0xc;
						if(_t183 == 0) {
							_t281 = _t234 - 2;
							_t239 =  &(_t239[4]);
							_v8 = _t239;
							 *_a20 = 0;
							if(_t281 < _t239) {
								L46:
								_t281 = 0;
								L47:
								if(_t281 == _t234 - 2) {
									goto L35;
								}
								if(_t281 == 0 || _t281 <= _t239) {
									_t186 = 0;
								} else {
									_t317 = _t239;
									_t186 = _t281 - _t239 >> 1;
									_v48 = _t186;
									if(_t239 == _t281) {
										L68:
										if(_t186 <= 0) {
											_t187 = 0;
										} else {
											_t187 = 2 + _t186 * 2;
										}
										_t309 = 0;
										_v24 = 0x80;
										_v28 = _v28 & 0;
										_t282 = _t187 + _t239;
										_v36 = _t282;
										_v48 = 0x48;
										if(_t282 >= _t234) {
											goto L21;
										} else {
											do {
												_t251 = 0x24;
												_v68 = _t309;
												_v64 = _t309;
												_v20 = 1;
												_v40 = _t251;
												_v44 = _t251 - _v48;
												while(_t282 < _t234) {
													_t190 = E6D8B802C( *_t282);
													_v36 = _v36 + 2;
													_t253 = _t190;
													if(_t253 < 0) {
														goto L35;
													}
													asm("cdq");
													if(_t253 > 0x7ffffff / _v20) {
														goto L35;
													}
													_t284 = _v40;
													_t309 = _t309 + _t253 * _v20;
													_t196 = _v48;
													_v32 = _t309;
													if(_t284 > _t196) {
														if(_t284 < _t196 + 0x1a) {
															_t198 = _v44;
														} else {
															_t198 = 0x1a;
														}
													} else {
														_t198 = 1;
													}
													if(_t253 < _t198) {
														_t314 = (_t295 - _v16 >> 1) - _v28 + 1;
														_v48 = E6D8B7FD5(_v32 - _v68, _t314, (_t253 & 0xffffff00 | _v64 == 0x00000000) & 0x000000ff);
														_t200 = _v32;
														asm("cdq");
														_t315 = _t200 % _t314;
														_t287 = _t200 / _t314;
														_t202 = _v24;
														_v32 = _t315;
														if(_t287 > 0x7ffffff - _t202) {
															goto L35;
														}
														_t203 = _t202 + _t287;
														_v24 = _t203;
														if(_t203 >= 0x80 && _t203 <= 0x10ffff && (_t203 < 0xd800 || _t203 > 0xdfff)) {
															if(_v28 <= 0) {
																_t288 = _v16 + _t315 * 2;
																_v44 = _t288;
																L97:
																if(_t203 >= 0x10000) {
																	if(_t295 >= _v12 + 0xfffffffe || _t288 > _t295) {
																		goto L35;
																	} else {
																		asm("cdq");
																		_t140 = (_v24 + 0xffff0000) / 0x400 - 0x2800; // -4294911872
																		E6D8B7F11((_v24 + 0xffff0000) / 0x400, _t140, _v44,  &_a4);
																		E6D8B7F11( &_a4, (_v24 + 0xffff0000) % 0x400 - 0x2400,  &(_v44[0]),  &_a4);
																		_v28 = _v28 + 1;
																		_t315 = _v32;
																		goto L104;
																	}
																}
																if(_t295 >= _v12 || _t288 > _t295) {
																	goto L35;
																} else {
																	E6D8B7F11(_t203, _t203, _t288,  &_a4);
																	goto L104;
																}
															}
															_t288 = _v16;
															_v40 = _t315;
															_v44 = _t288;
															if(_t315 <= 0) {
																goto L97;
															}
															while(_t288 < _t295) {
																if(E6D8B7F61( *_t288) != 0) {
																	_t288 =  &(_t288[0]);
																}
																_t288 =  &(_t288[0]);
																_t215 = _v40 - 1;
																_v44 = _t288;
																_v40 = _t215;
																if(_t215 > 0) {
																	continue;
																} else {
																	_t203 = _v24;
																	goto L97;
																}
															}
														}
														goto L35;
													} else {
														_t269 = 0x24;
														_t270 = _t269 - _t198;
														asm("cdq");
														_t293 = _v20;
														if(_t293 > 0x7ffffff / _t270) {
															goto L35;
														}
														_v40 = _v40 + 0x24;
														_v44 =  &(_v44[9]);
														_t282 = _v36;
														_v20 = _t270 * _t293;
														continue;
													}
												}
												goto L35;
												L104:
												_t282 = _v36;
												_t309 = _t315 + 1;
												_t295 = _a4;
											} while (_t282 < _t234);
											goto L20;
										}
									}
									while(_t295 < _v12) {
										_t221 = _a12;
										if(_t221 != 0) {
											L58:
											_t272 =  *_t317 & 0x0000ffff;
											if(_t272 == 0 || _t272 >= _v60) {
												goto L35;
											} else {
												if(_t221 != 0) {
													L63:
													_t222 = _t272;
													L64:
													 *_t295 = _t222;
													_t317 =  &(_t317[1]);
													_t295 =  &(_t295[0]);
													_a4 = _t295;
													if(_t317 != _t281) {
														continue;
													}
													break;
												}
												_t59 = _t272 - 0x41; // 0x3f
												if(_t59 > 0x19) {
													goto L63;
												}
												_t60 = _t272 + 0x20; // 0xa0
												_t222 = _t60 & 0x0000ffff;
												goto L64;
											}
										}
										if(_a16 == _t221 || E6D8B7F9F( *_t317) != 0) {
											_t225 =  *_t317 & 0x0000ffff;
											_t273 = 0x20;
											if(_t225 < _t273) {
												goto L35;
											}
											_t274 = 0x7f;
											if(_t225 == _t274) {
												goto L35;
											}
											_t221 = _a12;
											goto L58;
										} else {
											goto L35;
										}
									}
									if(_t317 != _t281) {
										goto L35;
									}
									_t239 = _v8;
									_t186 = _v48;
								}
								goto L68;
							}
							_t227 = 0x2d;
							while( *_t281 != _t227) {
								_t281 = _t281 - 2;
								if(_t281 >= _t239) {
									continue;
								}
								goto L46;
							}
							goto L47;
						} else {
							goto L11;
						}
					}
					if(_a16 != 0) {
						_t228 = 0x2d;
						if( *_t239 == _t228) {
							goto L35;
						}
						if(_t234 <= _v52) {
							goto L6;
						}
						if( *((intOrPtr*)(_t234 - 2)) == _t228) {
							goto L35;
						}
					}
					L6:
					_t306 = _t234 - _t239;
					if((_t306 & 0xfffffffe) > 0x7e) {
						goto L35;
					}
					goto L7;
				}
				_t160 = _a12;
				if(_t160 != 0 || _t234 != _t277) {
					goto L35;
				} else {
					goto L29;
				}
			}










































































                                                                                  0x6d805c14
                                                                                  0x6d805c18
                                                                                  0x6d805c1b
                                                                                  0x6d805c1e
                                                                                  0x6d805c20
                                                                                  0x6d805c26
                                                                                  0x6d805c2b
                                                                                  0x6d8612f0
                                                                                  0x6d805dcf
                                                                                  0x6d805dd4
                                                                                  0x6d805dd4
                                                                                  0x6d805c31
                                                                                  0x6d805c34
                                                                                  0x6d805c39
                                                                                  0x6d805c3c
                                                                                  0x6d805c40
                                                                                  0x6d805c43
                                                                                  0x6d805c45
                                                                                  0x6d805c48
                                                                                  0x6d805c4a
                                                                                  0x6d805c53
                                                                                  0x6d805c59
                                                                                  0x6d805c5d
                                                                                  0x6d805dd7
                                                                                  0x6d805dd7
                                                                                  0x6d805dce
                                                                                  0x00000000
                                                                                  0x6d805dce
                                                                                  0x6d805c63
                                                                                  0x6d805c65
                                                                                  0x6d805c6c
                                                                                  0x6d805c6f
                                                                                  0x6d805c74
                                                                                  0x6d805c77
                                                                                  0x6d805c7b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d805c85
                                                                                  0x6d861320
                                                                                  0x6d805ca7
                                                                                  0x6d805cb1
                                                                                  0x6d805cda
                                                                                  0x6d805ce7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d805ced
                                                                                  0x6d805cf1
                                                                                  0x6d805d4b
                                                                                  0x6d805d4f
                                                                                  0x6d805d68
                                                                                  0x6d805d6d
                                                                                  0x6d805d80
                                                                                  0x6d805d80
                                                                                  0x6d805d85
                                                                                  0x6d86163d
                                                                                  0x6d861643
                                                                                  0x6d86164a
                                                                                  0x6d861654
                                                                                  0x6d86165b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d861661
                                                                                  0x6d861661
                                                                                  0x6d805d8b
                                                                                  0x6d805d8e
                                                                                  0x6d805d90
                                                                                  0x6d805d93
                                                                                  0x6d805d98
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d805d9e
                                                                                  0x6d805d9e
                                                                                  0x6d805da3
                                                                                  0x00000000
                                                                                  0x6d805dc3
                                                                                  0x6d805dca
                                                                                  0x6d805dcc
                                                                                  0x00000000
                                                                                  0x6d805dcc
                                                                                  0x6d805da3
                                                                                  0x6d805d72
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d805d77
                                                                                  0x6d805d7a
                                                                                  0x6d805d7d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d805cf3
                                                                                  0x6d805cf3
                                                                                  0x6d805cf7
                                                                                  0x6d805d1e
                                                                                  0x6d805d1e
                                                                                  0x6d805d24
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d805d24
                                                                                  0x6d805cfd
                                                                                  0x6d861630
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d861636
                                                                                  0x6d805d03
                                                                                  0x6d805d08
                                                                                  0x6d805d0c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d805d14
                                                                                  0x6d805d18
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d805d38
                                                                                  0x6d805d38
                                                                                  0x6d805d3b
                                                                                  0x6d805d3e
                                                                                  0x6d805d41
                                                                                  0x6d805d44
                                                                                  0x6d805d48
                                                                                  0x6d805d48
                                                                                  0x00000000
                                                                                  0x6d805d48
                                                                                  0x6d805cb7
                                                                                  0x6d805cbc
                                                                                  0x6d805cbe
                                                                                  0x6d805cbe
                                                                                  0x6d805cc7
                                                                                  0x6d805ccc
                                                                                  0x6d805ccf
                                                                                  0x6d805cd4
                                                                                  0x6d86132a
                                                                                  0x6d86132d
                                                                                  0x6d861330
                                                                                  0x6d861333
                                                                                  0x6d861338
                                                                                  0x6d861349
                                                                                  0x6d861349
                                                                                  0x6d86134b
                                                                                  0x6d861350
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d861358
                                                                                  0x6d861405
                                                                                  0x6d861366
                                                                                  0x6d861368
                                                                                  0x6d86136c
                                                                                  0x6d86136e
                                                                                  0x6d861373
                                                                                  0x6d861407
                                                                                  0x6d861409
                                                                                  0x6d861414
                                                                                  0x6d86140b
                                                                                  0x6d86140b
                                                                                  0x6d86140b
                                                                                  0x6d861416
                                                                                  0x6d861418
                                                                                  0x6d86141f
                                                                                  0x6d861422
                                                                                  0x6d861425
                                                                                  0x6d861428
                                                                                  0x6d861431
                                                                                  0x00000000
                                                                                  0x6d861437
                                                                                  0x6d861437
                                                                                  0x6d861439
                                                                                  0x6d86143c
                                                                                  0x6d861442
                                                                                  0x6d861445
                                                                                  0x6d86144c
                                                                                  0x6d86144f
                                                                                  0x6d861452
                                                                                  0x6d86145d
                                                                                  0x6d861462
                                                                                  0x6d861466
                                                                                  0x6d86146a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d861477
                                                                                  0x6d86147d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d861483
                                                                                  0x6d86148c
                                                                                  0x6d86148e
                                                                                  0x6d861491
                                                                                  0x6d861496
                                                                                  0x6d8614a2
                                                                                  0x6d8614a9
                                                                                  0x6d8614a4
                                                                                  0x6d8614a6
                                                                                  0x6d8614a6
                                                                                  0x6d861498
                                                                                  0x6d86149a
                                                                                  0x6d86149a
                                                                                  0x6d8614ae
                                                                                  0x6d8614e8
                                                                                  0x6d861501
                                                                                  0x6d861509
                                                                                  0x6d86150c
                                                                                  0x6d86150f
                                                                                  0x6d861511
                                                                                  0x6d861513
                                                                                  0x6d861518
                                                                                  0x6d86151d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d861523
                                                                                  0x6d86152a
                                                                                  0x6d86152f
                                                                                  0x6d861556
                                                                                  0x6d861595
                                                                                  0x6d861598
                                                                                  0x6d86159b
                                                                                  0x6d8615a0
                                                                                  0x6d8615c8
                                                                                  0x00000000
                                                                                  0x6d8615d6
                                                                                  0x6d8615e3
                                                                                  0x6d8615ef
                                                                                  0x6d8615f5
                                                                                  0x6d861607
                                                                                  0x6d86160c
                                                                                  0x6d86160f
                                                                                  0x00000000
                                                                                  0x6d86160f
                                                                                  0x6d8615c8
                                                                                  0x6d8615a5
                                                                                  0x00000000
                                                                                  0x6d8615b3
                                                                                  0x6d8615b9
                                                                                  0x00000000
                                                                                  0x6d8615b9
                                                                                  0x6d8615a5
                                                                                  0x6d861558
                                                                                  0x6d86155b
                                                                                  0x6d86155e
                                                                                  0x6d861563
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d861565
                                                                                  0x6d861577
                                                                                  0x6d861579
                                                                                  0x6d861579
                                                                                  0x6d86157f
                                                                                  0x6d861582
                                                                                  0x6d861583
                                                                                  0x6d861586
                                                                                  0x6d86158b
                                                                                  0x00000000
                                                                                  0x6d86158d
                                                                                  0x6d86158d
                                                                                  0x00000000
                                                                                  0x6d86158d
                                                                                  0x6d86158b
                                                                                  0x6d861565
                                                                                  0x00000000
                                                                                  0x6d8614b0
                                                                                  0x6d8614b2
                                                                                  0x6d8614b3
                                                                                  0x6d8614ba
                                                                                  0x6d8614bd
                                                                                  0x6d8614c2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8614c8
                                                                                  0x6d8614cf
                                                                                  0x6d8614d3
                                                                                  0x6d8614d6
                                                                                  0x00000000
                                                                                  0x6d8614d6
                                                                                  0x6d8614ae
                                                                                  0x00000000
                                                                                  0x6d861612
                                                                                  0x6d861612
                                                                                  0x6d861615
                                                                                  0x6d861616
                                                                                  0x6d861619
                                                                                  0x00000000
                                                                                  0x6d861621
                                                                                  0x6d861431
                                                                                  0x6d861379
                                                                                  0x6d86137e
                                                                                  0x6d861383
                                                                                  0x6d8613b8
                                                                                  0x6d8613b8
                                                                                  0x6d8613be
                                                                                  0x00000000
                                                                                  0x6d8613ce
                                                                                  0x6d8613d0
                                                                                  0x6d8613e3
                                                                                  0x6d8613e3
                                                                                  0x6d8613e5
                                                                                  0x6d8613e5
                                                                                  0x6d8613e8
                                                                                  0x6d8613eb
                                                                                  0x6d8613ee
                                                                                  0x6d8613f3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8613f3
                                                                                  0x6d8613d2
                                                                                  0x6d8613d9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8613db
                                                                                  0x6d8613de
                                                                                  0x00000000
                                                                                  0x6d8613de
                                                                                  0x6d8613be
                                                                                  0x6d861388
                                                                                  0x6d86139a
                                                                                  0x6d86139f
                                                                                  0x6d8613a3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8613ab
                                                                                  0x6d8613af
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8613b5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d861388
                                                                                  0x6d8613f7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8613fd
                                                                                  0x6d861400
                                                                                  0x6d861400
                                                                                  0x00000000
                                                                                  0x6d861358
                                                                                  0x6d86133c
                                                                                  0x6d86133d
                                                                                  0x6d861342
                                                                                  0x6d861347
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d861347
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d805cd4
                                                                                  0x6d805c8f
                                                                                  0x6d8612fc
                                                                                  0x6d861300
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d861309
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d861313
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d861319
                                                                                  0x6d805c95
                                                                                  0x6d805c97
                                                                                  0x6d805ca1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d805ca1
                                                                                  0x6d861669
                                                                                  0x6d86166e
                                                                                  0x00000000
                                                                                  0x6d86167c
                                                                                  0x00000000
                                                                                  0x6d86167c

                                                                                  APIs
                                                                                  • _wcsnicmp.BCCB(?,xl--,00000004,?,?,?,?), ref: 6D805CC7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: _wcsnicmp
                                                                                  • String ID: $$$$H$xl--$xn--
                                                                                  • API String ID: 1886669725-662589111
                                                                                  • Opcode ID: f50292edbe6d09e2978962967f2b6a87af8a7cd939f7e983c9f113e4aa961696
                                                                                  • Instruction ID: 1ee10d44aecbacec5689d8fe56df8e5fdb11543407405ab71ea1df77be5e4e65
                                                                                  • Opcode Fuzzy Hash: f50292edbe6d09e2978962967f2b6a87af8a7cd939f7e983c9f113e4aa961696
                                                                                  • Instruction Fuzzy Hash: 2BF1B571E0438A8BDF14CF68C98C6BDB7B1EF44314F2489AAE951E7685E7349941CBB0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8274C0, Relevance: 10.8, APIs: 7, Instructions: 264COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 82%
                                                                                  			E6D8274C0(signed short* __ecx) {
				char _v8;
				signed int _v12;
				signed int* _v16;
				void* _v20;
				signed short _t49;
				signed int _t54;
				signed int _t56;
				signed int _t57;
				signed int _t68;
				signed short* _t71;
				signed int _t74;
				signed int _t80;
				signed int _t85;
				signed int _t86;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				char _t91;
				signed short* _t92;
				unsigned short _t93;
				char _t94;
				signed short* _t95;
				signed int _t100;
				unsigned short _t101;
				signed short* _t104;
				signed int _t105;
				void* _t106;
				signed int* _t107;
				signed short _t108;
				signed int _t109;
				signed int _t112;
				signed int* _t113;

				_t92 = __ecx;
				_t104 = __ecx[2];
				_t112 =  *__ecx & 0x0000ffff;
				_v8 = 0;
				if(_t112 < 2) {
					L3:
					_t49 =  *_t92;
					_t113 = _t104;
					_t108 = _t49;
					_v20 = _t49;
					_t89 = _t108 & 0x0000ffff;
					_t93 = _t89;
					_v16 = _t113;
					_t105 = _t93 >> 0x00000001 & 0x0000ffff;
					if(_t105 == 0) {
						goto L28;
					} else {
						if( *((short*)(_t113 + _t105 * 2 - 2)) == 0x3a) {
							_t43 = _t93 - 2; // 0xfffffe
							_t108 = _t43;
							_t105 = _t105 + 0xffff;
							_t94 = 1;
							_v8 = 1;
						} else {
							_t94 = 0;
						}
						if(_t105 == 0) {
							goto L28;
						} else {
							while(1) {
								_t54 =  *(_t113 + (_t105 & 0x0000ffff) * 2 - 2) & 0x0000ffff;
								if(_t54 != 0x2e && _t54 != 0x20) {
									break;
								}
								_v12 = 0xfffe;
								_t105 = _t105 + 0xffff;
								_t108 = _t108 + _v12;
								_t94 = _t94 + 1;
								if(_t105 != 0) {
									continue;
								} else {
								}
								break;
							}
							_v8 = _t94;
							_v12 = 0;
							if(_t105 == 0) {
								L20:
								_t95 = _t113;
								_t106 = _t113 + (_t105 & 0x0000ffff) * 2;
								if(_t113 < _t106) {
									while(1) {
										_t68 =  *_t95 & 0x0000ffff;
										if(_t68 == 0x2e || _t68 == 0x3a) {
											break;
										}
										_t95 =  &(_t95[1]);
										if(_t95 < _t106) {
											continue;
										}
										break;
									}
									if(_t95 > _t113) {
										while( *((short*)(_t95 - 2)) == 0x20) {
											_t95 =  &(_t95[0xffffffffffffffff]);
											if(_t95 > _t113) {
												continue;
											} else {
											}
											goto L27;
										}
									}
								}
								L27:
								_t56 = _t95 - _t113 >> 0x00000001 & 0x0000ffff;
								_t109 = _t56;
								_v20 = _t56 + _t56;
								if(_t109 != 5) {
									_t26 = _t109 - 3; // 0x37
									_t57 = _t26;
									if(_t57 > 4) {
										goto L28;
									} else {
										switch( *((intOrPtr*)(_t57 * 4 +  &M6D8277C8))) {
											case 0:
												if(RtlEqualUnicodeString( &_v20, 0x6d7e1040, 1) != 0 || RtlEqualUnicodeString( &_v20, 0x6d7e1050, 1) != 0 || RtlEqualUnicodeString( &_v20, 0x6d7e1048, 1) != 0) {
													goto L46;
												} else {
													_push(1);
													_push(0x6d7e1058);
													goto L45;
												}
												goto L76;
											case 1:
												_t36 = __esi + 6; // 0xe6d7e
												__eax =  *_t36 & 0x0000ffff;
												if(iswdigit( *_t36 & 0x0000ffff) == 0) {
													goto L28;
												} else {
													if( *(__esi + 6) == 0x30) {
														goto L28;
													} else {
														_t46 = __ebx - 2; // -1
														__eax = _t46;
														_v20 = __ax;
														 &_v20 = RtlEqualUnicodeString( &_v20, 0x6d7e18f8, 1);
														if(__al != 0) {
															goto L46;
														} else {
															_push(1);
															_push(0x6d7e1910);
															goto L45;
														}
													}
												}
												goto L76;
											case 2:
												goto L28;
											case 3:
												_push(1);
												_push(0x6d7e1068);
												L45:
												if(RtlEqualUnicodeString( &_v20, ??, ??) == 0) {
													goto L28;
												} else {
													goto L46;
												}
												goto L76;
											case 4:
												_t35 =  &_v20; // 0xffff0
												_t35 = RtlEqualUnicodeString(_t35, 0x6d7e1060, 1);
												if(__al == 0) {
													goto L28;
												} else {
													L46:
													return _t109 + _t109 | _v12 << 0x00000010;
												}
												goto L76;
										}
									}
								} else {
									goto L28;
								}
							} else {
								_t71 = _t113 + ((_t105 & 0x0000ffff) - 1) * 2;
								if(_t71 < _t113) {
									L19:
									_t74 = ( *_t113 | 0x00000020) & 0x0000ffff;
									if(_t74 != 0x70) {
										if(_t74 == 0x6c || _t74 == 0x6e || _t74 == 0x61 || _t74 == 0x63) {
											goto L20;
										} else {
											goto L28;
										}
									} else {
										goto L20;
									}
								} else {
									while(1) {
										_t100 =  *_t71 & 0x0000ffff;
										if(_t100 == 0x5c || _t100 == 0x2f) {
											break;
										}
										if(_t100 == 0x3a) {
											if(_t71 !=  &(_t113[0])) {
												goto L14;
											} else {
												break;
											}
										} else {
											L14:
											_t71 = _t71 - 2;
											if(_t71 >= _t113) {
												continue;
											} else {
												goto L19;
											}
										}
										goto L76;
									}
									_t15 =  &(_t71[1]); // 0x3b
									_t107 = _t15;
									if(_t107 >= _t113 + (_t89 & 0xfffffffe)) {
										goto L28;
									} else {
										_t80 = ( *_t107 | 0x00000020) & 0x0000ffff;
										if(_t80 != 0x70) {
											if(_t80 == 0x6c || _t80 == 0x6e || _t80 == 0x61) {
												goto L18;
											} else {
												if(_t80 != 0x63) {
													goto L28;
												} else {
													goto L18;
												}
											}
										} else {
											L18:
											_v12 = _t107 - _t113;
											_t91 = _v8;
											_t101 = _t113 - _t107 + _t89 & 0x0000ffff;
											_t113 = _t107;
											_v16 = _t113;
											_t105 = (_t101 >> 0x00000001) - _t91 & 0x0000ffff;
											_v20 = _t101 - _t91 + _t91;
											goto L19;
										}
									}
								}
							}
						}
					}
				} else {
					_t85 =  *_t104 & 0x0000ffff;
					if(_t85 == 0x5c || _t85 == 0x2f) {
						if(_t112 < 4) {
							goto L3;
						} else {
							_t86 = _t104[1] & 0x0000ffff;
							if(_t86 != 0x5c) {
								if(_t86 != 0x2f) {
									goto L3;
								} else {
									goto L54;
								}
							} else {
								L54:
								if(_t112 < 6) {
									L28:
									return 0;
								} else {
									_t87 = _t104[2] & 0x0000ffff;
									if(_t87 != 0x2e) {
										if(_t87 == 0x3f) {
											goto L56;
										} else {
											goto L28;
										}
									} else {
										L56:
										if(_t112 < 8) {
											L69:
											if(_t112 != 6) {
												goto L28;
											} else {
												goto L3;
											}
										} else {
											_t88 = _t104[3] & 0x0000ffff;
											if(_t88 == 0x5c) {
												goto L28;
											} else {
												if(_t88 == 0x2f) {
													goto L28;
												} else {
													goto L69;
												}
											}
										}
									}
								}
							}
						}
					} else {
						goto L3;
					}
				}
				L76:
			}



































                                                                                  0x6d8274c0
                                                                                  0x6d8274c8
                                                                                  0x6d8274cd
                                                                                  0x6d8274d0
                                                                                  0x6d8274db
                                                                                  0x6d8274f2
                                                                                  0x6d8274f2
                                                                                  0x6d8274f4
                                                                                  0x6d8274f6
                                                                                  0x6d8274f9
                                                                                  0x6d8274fc
                                                                                  0x6d8274ff
                                                                                  0x6d827501
                                                                                  0x6d82750a
                                                                                  0x6d827510
                                                                                  0x00000000
                                                                                  0x6d827516
                                                                                  0x6d82751c
                                                                                  0x6d8277af
                                                                                  0x6d8277af
                                                                                  0x6d8277b2
                                                                                  0x6d8277b8
                                                                                  0x6d8277bd
                                                                                  0x6d827522
                                                                                  0x6d827522
                                                                                  0x6d827522
                                                                                  0x6d827527
                                                                                  0x00000000
                                                                                  0x6d82752d
                                                                                  0x6d82752d
                                                                                  0x6d827530
                                                                                  0x6d827539
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d82778f
                                                                                  0x6d827796
                                                                                  0x6d82779c
                                                                                  0x6d8277a0
                                                                                  0x6d8277a4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8277aa
                                                                                  0x00000000
                                                                                  0x6d8277a4
                                                                                  0x6d827549
                                                                                  0x6d82754c
                                                                                  0x6d827556
                                                                                  0x6d8275e5
                                                                                  0x6d8275e8
                                                                                  0x6d8275ea
                                                                                  0x6d8275ef
                                                                                  0x6d8275f1
                                                                                  0x6d8275f1
                                                                                  0x6d8275f7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8275fe
                                                                                  0x6d827603
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d827603
                                                                                  0x6d827607
                                                                                  0x6d827610
                                                                                  0x6d86f983
                                                                                  0x6d86f988
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d86f98e
                                                                                  0x00000000
                                                                                  0x6d86f988
                                                                                  0x6d827610
                                                                                  0x6d827607
                                                                                  0x6d82761b
                                                                                  0x6d82761f
                                                                                  0x6d827622
                                                                                  0x6d827627
                                                                                  0x6d82762e
                                                                                  0x6d827680
                                                                                  0x6d827680
                                                                                  0x6d827686
                                                                                  0x00000000
                                                                                  0x6d827688
                                                                                  0x6d827688
                                                                                  0x00000000
                                                                                  0x6d8276a1
                                                                                  0x00000000
                                                                                  0x6d8276cb
                                                                                  0x6d8276cb
                                                                                  0x6d8276cd
                                                                                  0x00000000
                                                                                  0x6d8276cd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d827718
                                                                                  0x6d827718
                                                                                  0x6d827727
                                                                                  0x00000000
                                                                                  0x6d82772d
                                                                                  0x6d86f998
                                                                                  0x00000000
                                                                                  0x6d86f99e
                                                                                  0x6d86f99e
                                                                                  0x6d86f99e
                                                                                  0x6d86f9a3
                                                                                  0x6d86f9b0
                                                                                  0x6d86f9b7
                                                                                  0x00000000
                                                                                  0x6d86f9bd
                                                                                  0x6d86f9bd
                                                                                  0x6d86f9bf
                                                                                  0x00000000
                                                                                  0x6d86f9bf
                                                                                  0x6d86f9b7
                                                                                  0x6d86f998
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d82770f
                                                                                  0x6d827711
                                                                                  0x6d8276d2
                                                                                  0x6d8276dd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8276fc
                                                                                  0x6d827700
                                                                                  0x6d827707
                                                                                  0x00000000
                                                                                  0x6d82770d
                                                                                  0x6d8276e3
                                                                                  0x6d8276f4
                                                                                  0x6d8276f4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d827688
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d82755c
                                                                                  0x6d827560
                                                                                  0x6d827565
                                                                                  0x6d8275d6
                                                                                  0x6d8275dd
                                                                                  0x6d8275e3
                                                                                  0x6d827661
                                                                                  0x00000000
                                                                                  0x6d82767e
                                                                                  0x00000000
                                                                                  0x6d82767e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d827567
                                                                                  0x6d827567
                                                                                  0x6d827567
                                                                                  0x6d82756d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d827577
                                                                                  0x6d82777a
                                                                                  0x00000000
                                                                                  0x6d827780
                                                                                  0x00000000
                                                                                  0x6d827780
                                                                                  0x6d82757d
                                                                                  0x6d82757d
                                                                                  0x6d82757d
                                                                                  0x6d827582
                                                                                  0x00000000
                                                                                  0x6d827584
                                                                                  0x00000000
                                                                                  0x6d827584
                                                                                  0x6d827582
                                                                                  0x00000000
                                                                                  0x6d827577
                                                                                  0x6d827586
                                                                                  0x6d827586
                                                                                  0x6d827592
                                                                                  0x00000000
                                                                                  0x6d827598
                                                                                  0x6d82759f
                                                                                  0x6d8275a5
                                                                                  0x6d82763c
                                                                                  0x00000000
                                                                                  0x6d827654
                                                                                  0x6d827657
                                                                                  0x00000000
                                                                                  0x6d827659
                                                                                  0x00000000
                                                                                  0x6d827659
                                                                                  0x6d827657
                                                                                  0x6d8275ab
                                                                                  0x6d8275ab
                                                                                  0x6d8275b3
                                                                                  0x6d8275b6
                                                                                  0x6d8275b9
                                                                                  0x6d8275bc
                                                                                  0x6d8275c1
                                                                                  0x6d8275ca
                                                                                  0x6d8275d2
                                                                                  0x00000000
                                                                                  0x6d8275d2
                                                                                  0x6d8275a5
                                                                                  0x6d827592
                                                                                  0x6d827565
                                                                                  0x6d827556
                                                                                  0x6d827527
                                                                                  0x6d8274dd
                                                                                  0x6d8274dd
                                                                                  0x6d8274e3
                                                                                  0x6d827735
                                                                                  0x00000000
                                                                                  0x6d82773b
                                                                                  0x6d82773b
                                                                                  0x6d827742
                                                                                  0x6d86f961
                                                                                  0x00000000
                                                                                  0x6d86f967
                                                                                  0x00000000
                                                                                  0x6d86f967
                                                                                  0x6d827748
                                                                                  0x6d827748
                                                                                  0x6d82774b
                                                                                  0x6d827630
                                                                                  0x6d827638
                                                                                  0x6d827751
                                                                                  0x6d827751
                                                                                  0x6d827758
                                                                                  0x6d827788
                                                                                  0x00000000
                                                                                  0x6d82778a
                                                                                  0x00000000
                                                                                  0x6d82778a
                                                                                  0x6d82775a
                                                                                  0x6d82775a
                                                                                  0x6d82775d
                                                                                  0x6d86f975
                                                                                  0x6d86f978
                                                                                  0x00000000
                                                                                  0x6d86f97e
                                                                                  0x00000000
                                                                                  0x6d86f97e
                                                                                  0x6d827763
                                                                                  0x6d827763
                                                                                  0x6d82776a
                                                                                  0x00000000
                                                                                  0x6d827770
                                                                                  0x6d86f96f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d86f96f
                                                                                  0x6d82776a
                                                                                  0x6d82775d
                                                                                  0x6d827758
                                                                                  0x6d82774b
                                                                                  0x6d827742
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d8274e3
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlEqualUnicodeString.BCCB(?,6D7E1040,00000001,?,00000024,01000000), ref: 6D82769A
                                                                                  • RtlEqualUnicodeString.BCCB(?,6D7E1050,00000001,?,6D7E1040,00000001,?,00000024,01000000), ref: 6D8276AE
                                                                                  • RtlEqualUnicodeString.BCCB(?,6D7E1048,00000001,?,6D7E1050,00000001,?,6D7E1040,00000001,?,00000024,01000000), ref: 6D8276C2
                                                                                  • RtlEqualUnicodeString.BCCB(?,6D7E1058,00000001,?,6D7E1048,00000001,?,6D7E1050,00000001,?,6D7E1040,00000001,?,00000024,01000000), ref: 6D8276D6
                                                                                  • RtlEqualUnicodeString.BCCB(000FFFF0,6D7E1060,00000001,6D7E1068,00000001,6D7E18F8,00000001), ref: 6D827700
                                                                                  • iswdigit.BCCB(000E6D7E,6D7E1048,00000001,?,6D7E1050,00000001,?,6D7E1040,00000001,?,00000024,01000000), ref: 6D82771D
                                                                                  • RtlEqualUnicodeString.BCCB(00100000,6D7E18F8,00000001), ref: 6D86F9B0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: EqualStringUnicode$iswdigit
                                                                                  • String ID:
                                                                                  • API String ID: 3246613909-0
                                                                                  • Opcode ID: d91ca3fb54586b54308b419f4e078c78dab77f8e5bfdd5dcbf9fb43d70ee08f4
                                                                                  • Instruction ID: bd2996cc83e82700140ae64461fa6e0d28a92e6b5e090584815c4034d03087c5
                                                                                  • Opcode Fuzzy Hash: d91ca3fb54586b54308b419f4e078c78dab77f8e5bfdd5dcbf9fb43d70ee08f4
                                                                                  • Instruction Fuzzy Hash: 56811771C1412756CB209E5FCD897BEB3B5AF16714F904D27F8A4D7180E37185C582D2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D800B60, Relevance: 10.7, APIs: 7, Instructions: 234COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 96%
                                                                                  			E6D800B60(signed short* _a4, intOrPtr _a8, intOrPtr* _a12, short* _a16) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* _t39;
				signed int _t41;
				void* _t45;
				void* _t50;
				long _t51;
				signed int _t52;
				signed int _t53;
				signed int _t60;
				signed int _t64;
				signed int _t75;
				signed int _t76;
				signed int _t78;
				signed int _t80;
				signed int _t87;
				signed short* _t90;
				void* _t93;
				signed int _t105;
				signed short* _t106;
				signed int _t111;
				void* _t115;
				signed int _t116;
				signed int _t117;
				signed int _t121;
				signed int _t122;
				long _t123;
				long _t125;
				void* _t128;
				signed short* _t131;

				_t90 = _a4;
				if(_t90 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L6:
					_t39 = 0xc000000d;
				} else {
					_t87 = 0;
					_v16 = 0;
					_t41 =  *_t90 & 0x0000ffff;
					_t115 = 0x5b;
					_t121 = _t41;
					_v20 = _t121;
					if(_t41 == _t115) {
						_t90 =  &(_t90[1]);
					}
					_v5 = _t121 == _t115;
					if(E6D800BD0(_t90,  &_v24, _a8) >= 0) {
						_t131 = _v24;
						_v12 = 0xa;
						__eflags =  *_t131 - 0x25;
						if( *_t131 != 0x25) {
							L22:
							_t45 = 0x5d;
							goto L23;
						} else {
							_t131 =  &(_t131[1]);
							_t125 =  *_t131 & 0x0000ffff;
							__eflags = _t125 - 0x80;
							if(_t125 >= 0x80) {
								goto L6;
							} else {
								_t76 = iswctype(_t125, 4);
								__eflags = _t76;
								if(_t76 == 0) {
									goto L6;
								} else {
									while(1) {
										__eflags = _t125;
										if(_t125 == 0) {
											break;
										}
										_t45 = 0x5d;
										__eflags = _t125 - _t45;
										if(_t125 == _t45) {
											_t121 = _v20;
											L23:
											__eflags =  *_t131 - _t45;
											if( *_t131 != _t45) {
												L45:
												_t116 = _v5;
												goto L46;
											} else {
												_t50 = 0x5b;
												__eflags = _t121 - _t50;
												if(_t121 != _t50) {
													goto L6;
												} else {
													_t131 =  &(_t131[1]);
													_t116 = 0;
													_v5 = 0;
													__eflags =  *_t131 - 0x3a;
													if( *_t131 != 0x3a) {
														L46:
														__eflags =  *_t131;
														if( *_t131 != 0) {
															goto L6;
														} else {
															__eflags = _t116;
															if(_t116 != 0) {
																goto L6;
															} else {
																 *_a16 = _t87;
																 *_a12 = _v16;
																_t39 = 0;
															}
														}
													} else {
														_t131 =  &(_t131[1]);
														_t122 = 0x10;
														__eflags =  *_t131 - 0x30;
														if( *_t131 != 0x30) {
															_t117 = 0xa;
														} else {
															_t24 =  &(_t131[1]); // -4
															_t106 = _t24;
															_t131 = _t106;
															_t117 = 8;
															_v12 = _t117;
															_t75 =  *_t131 & 0x0000ffff;
															__eflags = _t75 - 0x78;
															if(_t75 == 0x78) {
																L29:
																_t117 = _t122;
																_t26 =  &(_t106[1]); // 0x0
																_t131 = _t26;
																_v12 = _t117;
															} else {
																__eflags = _t75 - 0x58;
																if(_t75 != 0x58) {
																	goto L32;
																} else {
																	goto L29;
																}
																while(1) {
																	L32:
																	_t123 =  *_t131 & 0x0000ffff;
																	__eflags = _t123;
																	if(_t123 == 0) {
																		goto L45;
																	}
																	_t51 = 0x80;
																	__eflags = _t123 - 0x80;
																	if(_t123 >= 0x80) {
																		L39:
																		_t93 = 0x10;
																		__eflags = _t117 - _t93;
																		if(_t117 != _t93) {
																			goto L6;
																		} else {
																			__eflags = _t123 - _t51;
																			if(_t123 >= _t51) {
																				goto L6;
																			} else {
																				_t52 = iswctype(_t123, _t51);
																				__eflags = _t52;
																				if(_t52 == 0) {
																					goto L6;
																				} else {
																					_t53 = iswctype(_t123, 2);
																					asm("sbb eax, eax");
																					__eflags = (_t123 & 0x0000ffff) + 0xa + ((_t87 & 0x0000ffff) << 4) - ( ~_t53 & 0x00000020) + 0x41 - 0xffff;
																					if((_t123 & 0x0000ffff) + 0xa + ((_t87 & 0x0000ffff) << 4) - ( ~_t53 & 0x00000020) + 0x41 > 0xffff) {
																						goto L6;
																					} else {
																						_t60 = iswctype(_t123, 2);
																						_t117 = _v12;
																						asm("sbb eax, eax");
																						_t87 = (_t87 << 4) + 0xa + _t123 - ( ~_t60 & 0x00000020) + 0x41;
																						__eflags = _t87;
																						goto L44;
																					}
																				}
																			}
																		}
																	} else {
																		_t64 = iswctype(_t123, 4);
																		_t117 = _v12;
																		__eflags = _t64;
																		if(_t64 == 0) {
																			L38:
																			_t51 = 0x80;
																			goto L39;
																		} else {
																			_t105 = _t123 & 0x0000ffff;
																			_v24 = _t117 & 0x0000ffff;
																			_t31 = _t105 - 0x30; // -44
																			__eflags = _t31 - _v24;
																			if(_t31 >= _v24) {
																				goto L38;
																			} else {
																				__eflags = (_t87 & 0x0000ffff) * _v24 + 0xffffffd0 + _t105 - 0xffff;
																				if((_t87 & 0x0000ffff) * _v24 + 0xffffffd0 + _t105 > 0xffff) {
																					goto L6;
																				} else {
																					_t87 = _t117 * _t87 + 0xffffffd0 + _t123 & 0x0000ffff;
																					L44:
																					_t131 =  &(_t131[1]);
																					continue;
																				}
																			}
																		}
																	}
																	goto L7;
																}
																goto L45;
															}
														}
														goto L32;
													}
												}
											}
										} else {
											__eflags = _t125 - _t45 + 0x23;
											if(_t125 >= _t45 + 0x23) {
												goto L6;
											} else {
												_t78 = iswctype(_t125, 4);
												__eflags = _t78;
												if(_t78 == 0) {
													goto L6;
												} else {
													_v24 = _t125 & 0x0000ffff;
													_t80 = _v16;
													_t111 = 0xa;
													asm("cdq");
													asm("adc ecx, edx");
													_t128 = _t80 * _t111 + _v24 + 0xffffffd0;
													asm("adc ecx, 0xffffffff");
													__eflags = _t80 * _t111 >> 0x20;
													if(__eflags > 0) {
														goto L6;
													} else {
														if(__eflags < 0) {
															L19:
															_t131 =  &(_t131[1]);
															__eflags = _t131;
															_v16 = _v16 * 0xa + _v24 + 0xffffffd0;
															_t125 =  *_t131 & 0x0000ffff;
															continue;
														} else {
															__eflags = _t128 - 0xffffffff;
															if(_t128 > 0xffffffff) {
																goto L6;
															} else {
																goto L19;
															}
														}
													}
												}
											}
										}
										goto L7;
									}
									_t121 = _v20;
									goto L22;
								}
							}
						}
					} else {
						goto L6;
					}
				}
				L7:
				return _t39;
			}




































                                                                                  0x6d800b65
                                                                                  0x6d800b70
                                                                                  0x6d800bb7
                                                                                  0x6d800bb7
                                                                                  0x6d800b84
                                                                                  0x6d800b86
                                                                                  0x6d800b88
                                                                                  0x6d800b8b
                                                                                  0x6d800b90
                                                                                  0x6d800b91
                                                                                  0x6d800b93
                                                                                  0x6d800b99
                                                                                  0x6d800bc5
                                                                                  0x6d800bc5
                                                                                  0x6d800ba6
                                                                                  0x6d800bb1
                                                                                  0x6d85e578
                                                                                  0x6d85e580
                                                                                  0x6d85e587
                                                                                  0x6d85e58b
                                                                                  0x6d85e62e
                                                                                  0x6d85e630
                                                                                  0x00000000
                                                                                  0x6d85e591
                                                                                  0x6d85e591
                                                                                  0x6d85e594
                                                                                  0x6d85e597
                                                                                  0x6d85e59a
                                                                                  0x00000000
                                                                                  0x6d85e5a0
                                                                                  0x6d85e5a3
                                                                                  0x6d85e5aa
                                                                                  0x6d85e5ac
                                                                                  0x00000000
                                                                                  0x6d85e5b2
                                                                                  0x6d85e626
                                                                                  0x6d85e626
                                                                                  0x6d85e629
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e5b6
                                                                                  0x6d85e5b7
                                                                                  0x6d85e5ba
                                                                                  0x6d85e686
                                                                                  0x6d85e631
                                                                                  0x6d85e631
                                                                                  0x6d85e634
                                                                                  0x6d85e76f
                                                                                  0x6d85e76f
                                                                                  0x00000000
                                                                                  0x6d85e63a
                                                                                  0x6d85e63c
                                                                                  0x6d85e63d
                                                                                  0x6d85e640
                                                                                  0x00000000
                                                                                  0x6d85e646
                                                                                  0x6d85e646
                                                                                  0x6d85e649
                                                                                  0x6d85e64b
                                                                                  0x6d85e64e
                                                                                  0x6d85e652
                                                                                  0x6d85e772
                                                                                  0x6d85e774
                                                                                  0x6d85e777
                                                                                  0x00000000
                                                                                  0x6d85e77d
                                                                                  0x6d85e77d
                                                                                  0x6d85e77f
                                                                                  0x00000000
                                                                                  0x6d85e785
                                                                                  0x6d85e78c
                                                                                  0x6d85e795
                                                                                  0x6d85e797
                                                                                  0x6d85e797
                                                                                  0x6d85e77f
                                                                                  0x6d85e658
                                                                                  0x6d85e658
                                                                                  0x6d85e65d
                                                                                  0x6d85e65e
                                                                                  0x6d85e662
                                                                                  0x6d85e68d
                                                                                  0x6d85e664
                                                                                  0x6d85e664
                                                                                  0x6d85e664
                                                                                  0x6d85e667
                                                                                  0x6d85e66b
                                                                                  0x6d85e66c
                                                                                  0x6d85e66f
                                                                                  0x6d85e672
                                                                                  0x6d85e675
                                                                                  0x6d85e67c
                                                                                  0x6d85e67c
                                                                                  0x6d85e67e
                                                                                  0x6d85e67e
                                                                                  0x6d85e681
                                                                                  0x6d85e677
                                                                                  0x6d85e677
                                                                                  0x6d85e67a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e68e
                                                                                  0x6d85e68e
                                                                                  0x6d85e68e
                                                                                  0x6d85e691
                                                                                  0x6d85e694
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e69a
                                                                                  0x6d85e69f
                                                                                  0x6d85e6a2
                                                                                  0x6d85e6f1
                                                                                  0x6d85e6f3
                                                                                  0x6d85e6f4
                                                                                  0x6d85e6f7
                                                                                  0x00000000
                                                                                  0x6d85e6fd
                                                                                  0x6d85e6fd
                                                                                  0x6d85e700
                                                                                  0x00000000
                                                                                  0x6d85e706
                                                                                  0x6d85e708
                                                                                  0x6d85e70f
                                                                                  0x6d85e711
                                                                                  0x00000000
                                                                                  0x6d85e717
                                                                                  0x6d85e71a
                                                                                  0x6d85e722
                                                                                  0x6d85e73b
                                                                                  0x6d85e740
                                                                                  0x00000000
                                                                                  0x6d85e746
                                                                                  0x6d85e74c
                                                                                  0x6d85e751
                                                                                  0x6d85e757
                                                                                  0x6d85e765
                                                                                  0x6d85e765
                                                                                  0x00000000
                                                                                  0x6d85e765
                                                                                  0x6d85e740
                                                                                  0x6d85e711
                                                                                  0x6d85e700
                                                                                  0x6d85e6a4
                                                                                  0x6d85e6a7
                                                                                  0x6d85e6ac
                                                                                  0x6d85e6b1
                                                                                  0x6d85e6b3
                                                                                  0x6d85e6ec
                                                                                  0x6d85e6ec
                                                                                  0x00000000
                                                                                  0x6d85e6b5
                                                                                  0x6d85e6b5
                                                                                  0x6d85e6bb
                                                                                  0x6d85e6be
                                                                                  0x6d85e6c1
                                                                                  0x6d85e6c4
                                                                                  0x00000000
                                                                                  0x6d85e6c6
                                                                                  0x6d85e6d2
                                                                                  0x6d85e6d7
                                                                                  0x00000000
                                                                                  0x6d85e6dd
                                                                                  0x6d85e6e7
                                                                                  0x6d85e767
                                                                                  0x6d85e767
                                                                                  0x00000000
                                                                                  0x6d85e767
                                                                                  0x6d85e6d7
                                                                                  0x6d85e6c4
                                                                                  0x6d85e6b3
                                                                                  0x00000000
                                                                                  0x6d85e6a2
                                                                                  0x00000000
                                                                                  0x6d85e68e
                                                                                  0x6d85e675
                                                                                  0x00000000
                                                                                  0x6d85e662
                                                                                  0x6d85e652
                                                                                  0x6d85e640
                                                                                  0x6d85e5c0
                                                                                  0x6d85e5c3
                                                                                  0x6d85e5c6
                                                                                  0x00000000
                                                                                  0x6d85e5cc
                                                                                  0x6d85e5cf
                                                                                  0x6d85e5d6
                                                                                  0x6d85e5d8
                                                                                  0x00000000
                                                                                  0x6d85e5de
                                                                                  0x6d85e5e1
                                                                                  0x6d85e5e4
                                                                                  0x6d85e5e9
                                                                                  0x6d85e5f3
                                                                                  0x6d85e5f6
                                                                                  0x6d85e5f8
                                                                                  0x6d85e5fb
                                                                                  0x6d85e5fe
                                                                                  0x6d85e600
                                                                                  0x00000000
                                                                                  0x6d85e606
                                                                                  0x6d85e606
                                                                                  0x6d85e611
                                                                                  0x6d85e61d
                                                                                  0x6d85e61d
                                                                                  0x6d85e620
                                                                                  0x6d85e623
                                                                                  0x00000000
                                                                                  0x6d85e608
                                                                                  0x6d85e608
                                                                                  0x6d85e60b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d85e60b
                                                                                  0x6d85e606
                                                                                  0x6d85e600
                                                                                  0x6d85e5d8
                                                                                  0x6d85e5c6
                                                                                  0x00000000
                                                                                  0x6d85e5ba
                                                                                  0x6d85e62b
                                                                                  0x00000000
                                                                                  0x6d85e62b
                                                                                  0x6d85e5ac
                                                                                  0x6d85e59a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6d800bb1
                                                                                  0x6d800bbc
                                                                                  0x6d800bc2

                                                                                  APIs
                                                                                  • RtlIpv6StringToAddressW.BCCB(?,?,00000000,00000000), ref: 6D800BAA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AddressIpv6String
                                                                                  • String ID:
                                                                                  • API String ID: 27538981-0
                                                                                  • Opcode ID: b690b3803644220c55924738faed87d42b98be9f139281c8459cf90186e800ac
                                                                                  • Instruction ID: b6f6db49252674bec6b57c86d5a2b9c01c20c81f224524db2ca8430a301cd84b
                                                                                  • Opcode Fuzzy Hash: b690b3803644220c55924738faed87d42b98be9f139281c8459cf90186e800ac
                                                                                  • Instruction Fuzzy Hash: 29616972A482168BEB25CE69CC59BBE73F1AF55368F124D2EF450E72C0EB748580C750
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D808D29, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 200COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • memcpy.BCCB(-00000030,?,00000000,?,00000000,?,?,6D8517F0,00000000,?,00000000,?), ref: 6D808E86
                                                                                  • memcpy.BCCB(-00000030,?,?,?,00000000,?,?,6D8517F0,00000000,?,00000000,?), ref: 6D808EBF
                                                                                  Strings
                                                                                  • SXS: %s() found activation context data at %p with assembly roster that has no root, xrefs: 6D863491
                                                                                  • RtlpQueryInformationActivationContextDetailedInformation, xrefs: 6D86348C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memcpy
                                                                                  • String ID: RtlpQueryInformationActivationContextDetailedInformation$SXS: %s() found activation context data at %p with assembly roster that has no root
                                                                                  • API String ID: 3510742995-1732449319
                                                                                  • Opcode ID: 252a404a0800aee5d0cbde34e248a45b37adbd357e96c438e3f817bed96c5ec8
                                                                                  • Instruction ID: 6b054027cfcc6ec097271ce7469aab810fbadae94aaa61e24363b044cc38bd1e
                                                                                  • Opcode Fuzzy Hash: 252a404a0800aee5d0cbde34e248a45b37adbd357e96c438e3f817bed96c5ec8
                                                                                  • Instruction Fuzzy Hash: 81713DB1A0020ADFDB04DF58C884AAAB7F5FF58314F254599E9189B342D331ED92CF94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8220A0, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 199COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlRaiseException.BCCB(?), ref: 6D86D009
                                                                                  • RtlRaiseException.BCCB(C0150010), ref: 6D86D07A
                                                                                  • DbgPrintEx.BCCB(00000033,00000002,SXS: %s() Active frame is not the frame being deactivated %p != %p,RtlDeactivateActivationContextUnsafeFast,?,0000002C,?,00000000,000000FF), ref: 6D86D127
                                                                                  • RtlRaiseException.BCCB(C0150010), ref: 6D86D1C7
                                                                                  Strings
                                                                                  • SXS: %s() Active frame is not the frame being deactivated %p != %p, xrefs: 6D86D116
                                                                                  • RtlDeactivateActivationContextUnsafeFast, xrefs: 6D86D111
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExceptionRaise$Print
                                                                                  • String ID: RtlDeactivateActivationContextUnsafeFast$SXS: %s() Active frame is not the frame being deactivated %p != %p
                                                                                  • API String ID: 3901562751-4142264681
                                                                                  • Opcode ID: 17904635fe948f19d29cec5f7ae24971cf6d4f6c42b14055a7c8a7e8cf371236
                                                                                  • Instruction ID: 3cc3a2decd17de1450de8216e2f418c4f6e869393c97b5753f0c8b73a5fa4407
                                                                                  • Opcode Fuzzy Hash: 17904635fe948f19d29cec5f7ae24971cf6d4f6c42b14055a7c8a7e8cf371236
                                                                                  • Instruction Fuzzy Hash: BB8126B0518346CFD350CF19C489B1AFBE0BB88358F208E2EF5999B251D375D586CBA6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D80CCC0, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 134COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrint.BCCB(RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping,?,?,?,-00000F38,00000000,?,?), ref: 6D864E05
                                                                                  • DbgPrint.BCCB(RTL: Edit ntos\rtl\generr.c to correct the problem,?,?,?,-00000F38,00000000,?,?), ref: 6D864E0F
                                                                                  • DbgPrint.BCCB(RTL: ERROR_MR_MID_NOT_FOUND is being returned,?,-00000F38,00000000,?,?), ref: 6D864E1C
                                                                                  Strings
                                                                                  • RTL: Edit ntos\rtl\generr.c to correct the problem, xrefs: 6D864E0A
                                                                                  • RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping, xrefs: 6D864E00
                                                                                  • RTL: ERROR_MR_MID_NOT_FOUND is being returned, xrefs: 6D864E17
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: RTL: ERROR_MR_MID_NOT_FOUND is being returned$RTL: Edit ntos\rtl\generr.c to correct the problem$RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping
                                                                                  • API String ID: 3558298466-1070408152
                                                                                  • Opcode ID: f4455a5db85f87f2594bb3b0baea517ff6f5d72938f906df02ef8662c17cf33b
                                                                                  • Instruction ID: 5319e9c4cbd807c4c9acfee7d20de5b13d7308de769234889265945c7309d21f
                                                                                  • Opcode Fuzzy Hash: f4455a5db85f87f2594bb3b0baea517ff6f5d72938f906df02ef8662c17cf33b
                                                                                  • Instruction Fuzzy Hash: 7A412976A182498BDB14CF5DEC94BBDB7B5F785320F104A3AEA11C3782E7395550C2E1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D83645B, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 109timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • memset.BCCB(?,00000000,00000030,?,?,00000000), ref: 6D836490
                                                                                  • RtlDebugPrintTimes.BCCB(?,00000030,00000030,00000030), ref: 6D83651A
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,?,00000000), ref: 6D836553
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,00000000), ref: 6D836588
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireDebugPrintReleaseTimesmemset
                                                                                  • String ID: 0$0
                                                                                  • API String ID: 3207447552-203156872
                                                                                  • Opcode ID: 1cffe8e901711fc0fe62b647e5e2c55417ca0e3a660d964af959b14f7849d33a
                                                                                  • Instruction ID: 5398d2645cd6333ab8581b3e3822dba959cd2a24339256a2029b2a2ee0ed3b76
                                                                                  • Opcode Fuzzy Hash: 1cffe8e901711fc0fe62b647e5e2c55417ca0e3a660d964af959b14f7849d33a
                                                                                  • Instruction Fuzzy Hash: 04413CB1A08716AFC301CF68C449A1ABBE4FB89718F05896EF588D7301D731EA45CBD6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D804510, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 84COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrint.BCCB(RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping,?), ref: 6D8608F2
                                                                                  • DbgPrint.BCCB(RTL: Edit ntos\rtl\generr.c to correct the problem,RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping,?), ref: 6D8608FC
                                                                                  • DbgPrint.BCCB(RTL: ERROR_MR_MID_NOT_FOUND is being returned), ref: 6D860909
                                                                                  Strings
                                                                                  • RTL: Edit ntos\rtl\generr.c to correct the problem, xrefs: 6D8608F7
                                                                                  • RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping, xrefs: 6D8608ED
                                                                                  • RTL: ERROR_MR_MID_NOT_FOUND is being returned, xrefs: 6D860904
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: RTL: ERROR_MR_MID_NOT_FOUND is being returned$RTL: Edit ntos\rtl\generr.c to correct the problem$RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping
                                                                                  • API String ID: 3558298466-1070408152
                                                                                  • Opcode ID: ba033bc383ce4adeb1dee8599116c114fa8a0fba8e7127895b8a530cfa992a93
                                                                                  • Instruction ID: 1c1a9de45bd2c1a149b6f808508200eb0d3f81615900876968678e2437af0721
                                                                                  • Opcode Fuzzy Hash: ba033bc383ce4adeb1dee8599116c114fa8a0fba8e7127895b8a530cfa992a93
                                                                                  • Instruction Fuzzy Hash: 11216A336A801A4AF714461EDC8877CB362E7D9364F004E36F610D62D2DB58D9A0C2E7
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D805320, Relevance: 9.1, APIs: 6, Instructions: 91timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F85F0), ref: 6D805362
                                                                                  • RtlClearBits.BCCB(?,?,00000001,6D8F85F0), ref: 6D80538E
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,?,00000001,6D8F85F0), ref: 6D8053A7
                                                                                    • Part of subcall function 6D822280: RtlDllShutdownInProgress.BCCB(00000000), ref: 6D8222BA
                                                                                    • Part of subcall function 6D822280: ZwWaitForAlertByThreadId.BCCB(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6D8223A3
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,00000001,6D8F85F0), ref: 6D8053F2
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F85F0,6D8F85F0), ref: 6D805400
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,?,00000001,6D8F85F0), ref: 6D805422
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireRelease$AlertBitsClearDebugPrintProgressShutdownThreadTimesWait
                                                                                  • String ID:
                                                                                  • API String ID: 3225401293-0
                                                                                  • Opcode ID: 5a12058c24a2c49db1a89748fa767aa7f6d931cb55c0da9714607dfba5233958
                                                                                  • Instruction ID: e994bce7facb9dcbbcb94ff125836513d2a6e4b3fe0e038ca51667629f47237d
                                                                                  • Opcode Fuzzy Hash: 5a12058c24a2c49db1a89748fa767aa7f6d931cb55c0da9714607dfba5233958
                                                                                  • Instruction Fuzzy Hash: B531C5722197069FC710CF28C889EBAB3A8FF45714F464DA9E9554B242CB31E80587F1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D810225, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 79COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 6D810315: memcpy.BCCB(6D8F7C54,?,00000040,00000000,00000000,000000FF,?,?,6D810254,6D8DF868,00000038,6D80F563), ref: 6D810371
                                                                                    • Part of subcall function 6D810315: memcpy.BCCB(?,?,?,?,0000FFFF,?,00000000,00000000,000000FF,?,?,6D810254,6D8DF868,00000038,6D80F563), ref: 6D81042B
                                                                                  • RtlActivateActivationContextUnsafeFast.BCCB ref: 6D8102BA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memcpy$ActivateActivationContextFastUnsafe
                                                                                  • String ID: $$LdrpProcessDetachNode$Uninitializing DLL "%wZ" (Init routine: %p)$minkernel\ntdll\ldrsnap.c
                                                                                  • API String ID: 2422247448-1066784428
                                                                                  • Opcode ID: d85f1c9d119e428da5c692bfed3a0e1655ba9a1ec699bb812a4f144af8c599f2
                                                                                  • Instruction ID: d8dd929abdef6a667a898d3c8c3af33198852776898d037983a85e01149eece2
                                                                                  • Opcode Fuzzy Hash: d85f1c9d119e428da5c692bfed3a0e1655ba9a1ec699bb812a4f144af8c599f2
                                                                                  • Instruction Fuzzy Hash: 1D31A770D4920ADBDF12CF59CD8CBAEBBB4BF09305F108999E501AF284D7719A59CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D810C30, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 77COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockShared.BCCB(6D8F8550,?,?,00000000,000000FF,6D8DF868,00000038,6D80F563), ref: 6D810C6F
                                                                                  • RtlReleaseSRWLockShared.BCCB(6D8F8550,6D8F8550,?,?,00000000,000000FF,6D8DF868,00000038,6D80F563), ref: 6D810C98
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrtls.c, xrefs: 6D86643D
                                                                                  • Calling TLS callback %p for DLL "%wZ" at %p, xrefs: 6D86642C
                                                                                  • LdrpCallTlsInitializers, xrefs: 6D866433
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: LockShared$AcquireRelease
                                                                                  • String ID: Calling TLS callback %p for DLL "%wZ" at %p$LdrpCallTlsInitializers$minkernel\ntdll\ldrtls.c
                                                                                  • API String ID: 2614130328-70613900
                                                                                  • Opcode ID: c6ddca833b27371d43a341285103c918b849f43781270ecc0ace45842b14d789
                                                                                  • Instruction ID: 74980d150f1accb46b02015d3df69c16a54343d85557777bce1ed3f7be93e801
                                                                                  • Opcode Fuzzy Hash: c6ddca833b27371d43a341285103c918b849f43781270ecc0ace45842b14d789
                                                                                  • Instruction Fuzzy Hash: 6C21E5B1D0871AABCB10CF5ACD49F7AFBB5FB49B64F114D19E91163281E33068049AD1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D89FDDA, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT(?,00000000,FF676980,000000FF,00000000,00000000,?,?,?,6D85FA1C,00000000,00000004,?,00000000,?,00000000), ref: 6D89FDFA
                                                                                  • DbgPrintEx.BCCB(00000065,00000001,RTL: Enter CriticalSection Timeout (%I64u secs) %d,00000000,?,?,00000000,FF676980,000000FF,00000000,00000000,?,?,?,6D85FA1C,00000000), ref: 6D89FE0A
                                                                                  • DbgPrintEx.BCCB(00000065,00000000,RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u,?,?,00000002,?,00000000,00000004,?,00000000,?,00000000,00000000), ref: 6D89FE34
                                                                                  Strings
                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 6D89FE01
                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 6D89FE2B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                  • API String ID: 545360701-3903918235
                                                                                  • Opcode ID: 0b941dd41c6ec58d8f04f62fa415a8eccb00672c14b5b838f5672d90b81591e7
                                                                                  • Instruction ID: 2f56cf7a744da27d03bce4f7296204ecc72bf08c5ac5eaf2ee9a0c0e1a708ff6
                                                                                  • Opcode Fuzzy Hash: 0b941dd41c6ec58d8f04f62fa415a8eccb00672c14b5b838f5672d90b81591e7
                                                                                  • Instruction Fuzzy Hash: 59F0F672204241BFD7340A49DC09F33BB5AEB44730F154715F7689A1E1EA62F96087F1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D801190, Relevance: 7.7, APIs: 5, Instructions: 151COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlIpv4StringToAddressW.BCCB(00000000,?,?,00000000), ref: 6D8011B9
                                                                                    • Part of subcall function 6D8011E0: iswctype.BCCB(0000000A,00000004), ref: 6D801244
                                                                                  • iswctype.BCCB(00000000,00000004,00000000,?,?,00000000), ref: 6D85EB6B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: iswctype$AddressIpv4String
                                                                                  • String ID:
                                                                                  • API String ID: 1627499474-0
                                                                                  • Opcode ID: fb804841babf00360943d9f994b3b33d5c73eef6988bae1e53c25cbdaf3f4e98
                                                                                  • Instruction ID: 76ca62c441f1972d27a03189823ca4b7908104fb0e6937ea9d5c71d84a8c4d17
                                                                                  • Opcode Fuzzy Hash: fb804841babf00360943d9f994b3b33d5c73eef6988bae1e53c25cbdaf3f4e98
                                                                                  • Instruction Fuzzy Hash: 654159366001269AEB29CA54DC497B973F4EF00769F204D2AF441E72C0E738DE51D354
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D83F296, Relevance: 7.6, APIs: 5, Instructions: 103COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 6D83F2E0: RtlAcquireSRWLockExclusive.BCCB(6D8F86AC,00000000,00000000,00000000,0000000C,?,6D83F2BF,00000000,00000000,?), ref: 6D83F2F1
                                                                                    • Part of subcall function 6D83F2E0: RtlReleaseSRWLockExclusive.BCCB(6D8F86AC,?,?,6D8F86AC,00000000,00000000,00000000,0000000C,?,6D83F2BF,00000000,00000000,?), ref: 6D83F31B
                                                                                  • RtlAcquireSRWLockShared.BCCB(0000001C,00000000,00000000,?), ref: 6D87BB5B
                                                                                  • RtlReleaseSRWLockShared.BCCB(0000001C,0000001C,00000000,00000000,?), ref: 6D87BBE9
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Lock$AcquireExclusiveReleaseShared
                                                                                  • String ID:
                                                                                  • API String ID: 3474408661-0
                                                                                  • Opcode ID: c7aa4bd3af2b594d5515bc4b25b276513ef39fe235d7233d04f7c19fa46ed612
                                                                                  • Instruction ID: 0f9af02cb0ee62f17ad99057f185b7501137488e4db90d0b7e800569b451985e
                                                                                  • Opcode Fuzzy Hash: c7aa4bd3af2b594d5515bc4b25b276513ef39fe235d7233d04f7c19fa46ed612
                                                                                  • Instruction Fuzzy Hash: B3311C319042188BCB11CF58C889BEE77B5FF40708F11C8ADED49AB245DB316A46CBD0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D810541, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 170COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlImageNtHeaderEx.BCCB(00000003,?,00000000,00000000,?,000000AB,?,?,?,?,6D8104FB,6D8DF890,0000001C,6D8103A8,?,00000000), ref: 6D810569
                                                                                  • RtlInitUnicodeString.BCCB(?,VS_VERSION_INFO,00000020,0000005C,0000005C,00000010,00000000,00000010,?,00000001,?,00000010,?,00000010,?,00000010), ref: 6D8106E7
                                                                                  • RtlCompareUnicodeString.BCCB(?,6D8DF890,00000000,6D8103A8,?,VS_VERSION_INFO,00000020,0000005C,0000005C,00000010,00000000,00000010,?,00000001,?,00000010), ref: 6D810717
                                                                                    • Part of subcall function 6D819660: RtlCompareUnicodeStrings.BCCB(?,?,00000000,?,6D8F7B60,?,6D8468BE,?,00000024,00000001,?,6D8305B9,?,?,6D8F7B60), ref: 6D819680
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Unicode$CompareString$HeaderImageInitStrings
                                                                                  • String ID: VS_VERSION_INFO
                                                                                  • API String ID: 1271209012-1537192461
                                                                                  • Opcode ID: 65d5eaf58b094eb4a31c8dbfcb6ad6f22417a9f95d1c9511f37efd9b8c5cc942
                                                                                  • Instruction ID: f5a92f01baa7263e709a1f1ea86ae72ba75256f83923683a4d1c3c5cd6595854
                                                                                  • Opcode Fuzzy Hash: 65d5eaf58b094eb4a31c8dbfcb6ad6f22417a9f95d1c9511f37efd9b8c5cc942
                                                                                  • Instruction Fuzzy Hash: E451EBB1A0821B9AEB10CBB6CC44BBA77F8AF14744F148E18A958DB1C0EB71D419CF50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D801390, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 130COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 6D801783: RtlAcquireSRWLockExclusive.BCCB(?,6D8013C0,6D8DF288,00000044), ref: 6D801793
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,6D8DF288,00000044), ref: 6D801462
                                                                                    • Part of subcall function 6D801986: RtlIsValidIndexHandle.BCCB(?,?,00000000,?,?,6D8013F2,6D8DF288,00000044), ref: 6D801995
                                                                                  • memcpy.BCCB(?,0000000E,?,6D8DF288,00000044), ref: 6D80143D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireHandleIndexReleaseValidmemcpy
                                                                                  • String ID: #%u
                                                                                  • API String ID: 1422088098-232158463
                                                                                  • Opcode ID: 4c3d02b63ceec565f72763e0b3da8a2fdd761c4a15fbf315bb8adf477e5c8599
                                                                                  • Instruction ID: 86b6926a9f774302ee3c701276993e1813dcbca9e9f251f65707ab6e86e7f14f
                                                                                  • Opcode Fuzzy Hash: 4c3d02b63ceec565f72763e0b3da8a2fdd761c4a15fbf315bb8adf477e5c8599
                                                                                  • Instruction Fuzzy Hash: 44410371A2461ACBDB11CF58CC48AAEB3B6BF85318F158869EC14EB355D770D852CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8017B0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,6D8DF2C8,00000018), ref: 6D8017D7
                                                                                  • RtlGetIntegerAtom.BCCB(?,?,?,6D8DF2C8,00000018), ref: 6D8017F3
                                                                                    • Part of subcall function 6D80187D: _wcsicmp.BCCB(0000001C,?,?,?,00000000,?,?,?,?), ref: 6D801921
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,6D8DF2C8,00000018), ref: 6D80185D
                                                                                    • Part of subcall function 6D801986: RtlIsValidIndexHandle.BCCB(?,?,00000000,?,?,6D8013F2,6D8DF288,00000044), ref: 6D801995
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireAtomHandleIndexIntegerReleaseValid_wcsicmp
                                                                                  • String ID: Atom
                                                                                  • API String ID: 2453091922-2154973765
                                                                                  • Opcode ID: 6c3a1b662f4723c11a652415a8849d3bd5a5cb8224e2623f7bdc40bd6b1396a1
                                                                                  • Instruction ID: 1a9fb33889c85fa8e20ef37cc466dea91ce004fcc279030a9c17718b90f52425
                                                                                  • Opcode Fuzzy Hash: 6c3a1b662f4723c11a652415a8849d3bd5a5cb8224e2623f7bdc40bd6b1396a1
                                                                                  • Instruction Fuzzy Hash: BA31D939D0021ACBDB41CF998C486FEB379FF05728F01895AE964E7200DB34CE4187A1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D894955, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 6D831D47: memset.BCCB(00000000,00000000,6D8517F0,?,00000001,00000000,?,6D808D70,00000000,?,?,00000030,?,?,00000001,?), ref: 6D831D87
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS: %s() found activation context data at %p with wrong format,RtlpQueryRunLevel,?,?,00000030,?,00000030,?,?,00000001,?,?), ref: 6D8949E1
                                                                                  Strings
                                                                                  • SXS: %s() found activation context data at %p with assembly roster that has no root, xrefs: 6D8949D9
                                                                                  • SXS: %s() found activation context data at %p with wrong format, xrefs: 6D894A03
                                                                                  • RtlpQueryRunLevel, xrefs: 6D8949D4, 6D8949FE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Printmemset
                                                                                  • String ID: RtlpQueryRunLevel$SXS: %s() found activation context data at %p with assembly roster that has no root$SXS: %s() found activation context data at %p with wrong format
                                                                                  • API String ID: 4188176266-4139752556
                                                                                  • Opcode ID: 3067b06a82a52ff1c5a52d934137a047d6b24bdda7a2834483b357f7e26ae5c0
                                                                                  • Instruction ID: b61b8dc1cde571b8d9205d36b62ba51cbddc0b261c6c8c84673778b7f63bd842
                                                                                  • Opcode Fuzzy Hash: 3067b06a82a52ff1c5a52d934137a047d6b24bdda7a2834483b357f7e26ae5c0
                                                                                  • Instruction Fuzzy Hash: 8A21D6B2A043055FC325CE1CC884E6BB7EDEBC9258F058A59F8999F246DA30DD41C696
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8C40DC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0FE0), ref: 6D8C4110
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: RtlSetUserValueHeap
                                                                                  • API String ID: 3446177414-1142157168
                                                                                  • Opcode ID: 9d54b7c44ed6f948ad999bab4d30dcbe8fff587f5a427cb7aadfd824ba3b1fb1
                                                                                  • Instruction ID: db8ab1687a5778b347b6ad1bb808437ba5ed98c4121e8835783afaba79d15dcc
                                                                                  • Opcode Fuzzy Hash: 9d54b7c44ed6f948ad999bab4d30dcbe8fff587f5a427cb7aadfd824ba3b1fb1
                                                                                  • Instruction Fuzzy Hash: D021FD30905255DFDF11CFBCC9087EEBF71AF99358F058845E58467281C7319A85CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8C387C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6D8E0F20), ref: 6D8C38B3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: RtlGetUserInfoHeap
                                                                                  • API String ID: 3446177414-1656697243
                                                                                  • Opcode ID: dc9a5b6059e86291389a72fec7e7c33483892d2757a1b6ba8f00a8afc771ee4a
                                                                                  • Instruction ID: 45c9203c71d80f51e013545a35b4aeab4813a1566e38984e79216046e30134f6
                                                                                  • Opcode Fuzzy Hash: dc9a5b6059e86291389a72fec7e7c33483892d2757a1b6ba8f00a8afc771ee4a
                                                                                  • Instruction Fuzzy Hash: CA21C730908259EFDF12CFA889087FEFF71AF46354F048848E58467291C7319A5ACB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8C4212, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,6D8F79A0,6D8E0EA8,00000024,6D876051,?,?,00000000,00000000,?,?,6D833347,?,00000000,?), ref: 6D8C423F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: RtlSizeHeap
                                                                                  • API String ID: 3446177414-202636049
                                                                                  • Opcode ID: 1c5cdd710d9eade95e56553c9d2f2140f7fe6eba12410666cbadcb1930cfc459
                                                                                  • Instruction ID: 8fb401cabf9f7612c93c6337546021bb843b959f02b4b3f5a3db6c4425410a9a
                                                                                  • Opcode Fuzzy Hash: 1c5cdd710d9eade95e56553c9d2f2140f7fe6eba12410666cbadcb1930cfc459
                                                                                  • Instruction Fuzzy Hash: 5A21D030908219DBDB01CBBCC60CBEDBBB0AF89318F008A48E54027281C771AA85CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D883E13, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • wcschr.BCCB(?,0000002C,?,?,00000000,?,?,6D86060B), ref: 6D883E23
                                                                                  • wcstoul.BCCB(-00000002,6D86060B,00000010,?,?,00000000,?,?,6D86060B), ref: 6D883E3D
                                                                                  • DbgPrintEx.BCCB(00000055,00000003,CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X,?,?,00000000,?,?,6D86060B), ref: 6D883E5A
                                                                                    • Part of subcall function 6D883C93: wcschr.BCCB(?,0000003D,00000000,?), ref: 6D883CAC
                                                                                    • Part of subcall function 6D883C93: RtlInitUnicodeString.BCCB(?,-00000002,00000000,?), ref: 6D883CD0
                                                                                    • Part of subcall function 6D883C93: RtlAnsiStringToUnicodeString.BCCB(?,?,00000001,00000000,?), ref: 6D883D72
                                                                                    • Part of subcall function 6D883C93: RtlCompareUnicodeString.BCCB(?,?,00000001,?,?,00000001,00000000,?), ref: 6D883D89
                                                                                    • Part of subcall function 6D883C93: RtlFreeUnicodeString.BCCB(?,00000000,?), ref: 6D883DED
                                                                                  Strings
                                                                                  • CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X, xrefs: 6D883E51
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: String$Unicode$wcschr$AnsiCompareFreeInitPrintwcstoul
                                                                                  • String ID: CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X
                                                                                  • API String ID: 2652356044-1863042022
                                                                                  • Opcode ID: 5fb3311c10783e7bb328d90957178eb1ae5abcffa2d09c0a201740b4797fcdc1
                                                                                  • Instruction ID: 547bd659eb5547b7296e4cbab0181cda28a7f00a63324dc114e1f0660c903593
                                                                                  • Opcode Fuzzy Hash: 5fb3311c10783e7bb328d90957178eb1ae5abcffa2d09c0a201740b4797fcdc1
                                                                                  • Instruction Fuzzy Hash: 25F0F67224420076E718565D9C4BEB7375DCF85661F12055DFA189B282EA91AE10C1F1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D801FA1, Relevance: 6.3, APIs: 4, Instructions: 266COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • memcpy.BCCB(?,?,00000000,?,?,?), ref: 6D8020AB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3510742995-0
                                                                                  • Opcode ID: a894ff951e35712df3dc20226ead586c95329290aa6c34059c9c150dd85d45f9
                                                                                  • Instruction ID: 6107342fdcbacfebc239aeb915feefab028705557e51b22f5052e018cca7fdd0
                                                                                  • Opcode Fuzzy Hash: a894ff951e35712df3dc20226ead586c95329290aa6c34059c9c150dd85d45f9
                                                                                  • Instruction Fuzzy Hash: 63A1817190421A8BDB61CA188C48BFA73F9BF94314F11C9E9A999D3240DF759A82CFD0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8011E0, Relevance: 6.2, APIs: 4, Instructions: 230COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • iswctype.BCCB(0000000A,00000004), ref: 6D801244
                                                                                  • iswctype.BCCB(00000000,00000004), ref: 6D85EC6A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: iswctype
                                                                                  • String ID:
                                                                                  • API String ID: 304682654-0
                                                                                  • Opcode ID: 158767ad72c4dd11953b5755c8c889b262e382e5182018a019d8118130c51b9e
                                                                                  • Instruction ID: 2ab5e445adf6a8e319e2e3bed082b2fcdfc46b158f8ea6172ddcf07380f6b684
                                                                                  • Opcode Fuzzy Hash: 158767ad72c4dd11953b5755c8c889b262e382e5182018a019d8118130c51b9e
                                                                                  • Instruction Fuzzy Hash: 8A71E371E0411ACBDB59CEA8CC987BD77FABF45328F108D2AE891E7280D7389950C760
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D801E50, Relevance: 6.2, APIs: 4, Instructions: 169COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlNtStatusToDosError.BCCB(C000000D,?,00000000,6D8DF330,00000018), ref: 6D85F223
                                                                                  • RtlNtStatusToDosError.BCCB(C000000D), ref: 6D85F2A6
                                                                                  • RtlEnterCriticalSection.BCCB(?), ref: 6D85F2BB
                                                                                  • RtlNtStatusToDosError.BCCB(C000000D), ref: 6D85F2E2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ErrorStatus$CriticalEnterSection
                                                                                  • String ID:
                                                                                  • API String ID: 152543406-0
                                                                                  • Opcode ID: e61b394bc04854b22f5b38f4a8e11fc2242df45677d82e708fec729d66ffe26d
                                                                                  • Instruction ID: 1f40774e2faa936edb915534b8e3b1e49e74d1db50b0b93591aa4b55a4867f37
                                                                                  • Opcode Fuzzy Hash: e61b394bc04854b22f5b38f4a8e11fc2242df45677d82e708fec729d66ffe26d
                                                                                  • Instruction Fuzzy Hash: 10511571A0468ADFDB41CF68C888BBE7BF5BF49318F008D59E95597740C730A815CBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8DED52, Relevance: 6.1, APIs: 4, Instructions: 110timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F8684,6D8F8668,?,?,6D8F8668,6D8F8668,?,6D8DE5F4,?,80000002,6D8F8668,6D8F8660), ref: 6D8DEDA9
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F8684,6D8F8684,6D8F8668,?,?,6D8F8668,6D8F8668,?,6D8DE5F4,?,80000002,6D8F8668,6D8F8660), ref: 6D8DEE42
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,6D8F8684,6D8F8684,6D8F8668,?,?,6D8F8668,6D8F8668,?,6D8DE5F4,?,80000002,6D8F8668,6D8F8660), ref: 6D8DEE50
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F8684,6D8F8684,6D8F8668,?,?,6D8F8668,6D8F8668,?,6D8DE5F4,?,80000002,6D8F8668,6D8F8660), ref: 6D8DEE5B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$AcquireDebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 309489879-0
                                                                                  • Opcode ID: f7bdca3c2beef6264aeaf4c55e0888fcdcece89930a5658495b30836b7b9dd92
                                                                                  • Instruction ID: 20ee8afb60838432baab251199295299d99462e47921ab727b24f3ed950940c3
                                                                                  • Opcode Fuzzy Hash: f7bdca3c2beef6264aeaf4c55e0888fcdcece89930a5658495b30836b7b9dd92
                                                                                  • Instruction Fuzzy Hash: 3F31E532A004299FCB1ACE19CC9496DF7B5EF8A3203158A6DE956CB395DB34ED41CBC0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D82ECE0, Relevance: 6.1, APIs: 4, Instructions: 103timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,00000000,00000000), ref: 6D82ED2C
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,00000000,00000000,?,00000000,00000000), ref: 6D82ED90
                                                                                  • TpSetWaitEx.BCCB ref: 6D8742DE
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,00000000,00000000,?,00000000,00000000), ref: 6D87432F
                                                                                    • Part of subcall function 6D82FC39: ZwAssociateWaitCompletionPacket.BCCB(?,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000,?,00000000,00000000), ref: 6D82FC71
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLockWait$AcquireAssociateCompletionDebugPacketPrintReleaseTimes
                                                                                  • String ID:
                                                                                  • API String ID: 1549838691-0
                                                                                  • Opcode ID: a18601ead69c818a503761c5146bb2d559b914325293245d69bc97dd587e6422
                                                                                  • Instruction ID: b1d150d004f897b7a9ed7e6b52769db3810c7f4d1281e97b156db3684dfa7594
                                                                                  • Opcode Fuzzy Hash: a18601ead69c818a503761c5146bb2d559b914325293245d69bc97dd587e6422
                                                                                  • Instruction Fuzzy Hash: E731E17160471BABC715CF3C88487AAF7A4BF89314F014D29E868C7240DB30E861CBD1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8BC08A, Relevance: 6.1, APIs: 4, Instructions: 92COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(00000180,?,?,?,00000001,00000000,00000000,?,6D8BBC33,?,00000001,00000020,?,?), ref: 6D8BC0CA
                                                                                  • memcpy.BCCB(0000000C,?,?,00000000,?,?,?,?,?,00000001,00000000,00000000,?,6D8BBC33,?,00000001), ref: 6D8BC115
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,00000000,?,?,?,?,?,00000001,00000000,00000000,?,6D8BBC33,?,00000001,00000020,?), ref: 6D8BC17F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireReleasememcpy
                                                                                  • String ID:
                                                                                  • API String ID: 753335654-0
                                                                                  • Opcode ID: b185da27b937c7602553cceb12f47188b42e9703bed1c2b7913dfada531282e8
                                                                                  • Instruction ID: 8abbc5b2b547782e8374a48939d86bbd980f2c6301c946008baf2371a78e4934
                                                                                  • Opcode Fuzzy Hash: b185da27b937c7602553cceb12f47188b42e9703bed1c2b7913dfada531282e8
                                                                                  • Instruction Fuzzy Hash: 1531F376A08506ABC715CF68C884AE6F3B9FF44714B04C82DE95DDB302DB30E952CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8D8050, Relevance: 6.1, APIs: 4, Instructions: 78threadCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6D8F86C4,00000008,?,00000000,00000008,?,6D85F8D6,?,00000000,00000000,?,6D8022D2,00000000,?,00000000,00000034), ref: 6D8D80AA
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6D8F86C4,6D8F86C4,00000008,?,00000000,00000008,?,6D85F8D6,?,00000000,00000000,?,6D8022D2,00000000,?,00000000), ref: 6D8D80DD
                                                                                  • TpSetPoolMaxThreads.BCCB(00000000,00000000,6D8F86C4,6D8F86C4,00000008,?,00000000,00000008,?,6D85F8D6,?,00000000,00000000,?,6D8022D2,00000000), ref: 6D8D80F3
                                                                                  • TpSetPoolMaxThreadsSoftLimit.BCCB(00000000,00000000,00000000,00000000,6D8F86C4,6D8F86C4,00000008,?,00000000,00000008,?,6D85F8D6,?,00000000,00000000), ref: 6D8D80FB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLockPoolThreads$AcquireLimitReleaseSoft
                                                                                  • String ID:
                                                                                  • API String ID: 4208054433-0
                                                                                  • Opcode ID: 34659df231b39faaac3b274bed5d456d7c10cd4adccb7c32586d65d00240d5bd
                                                                                  • Instruction ID: 43b2d27e270302908b11a70c5572471c621a4512bfc945d2d349bec1e56b587a
                                                                                  • Opcode Fuzzy Hash: 34659df231b39faaac3b274bed5d456d7c10cd4adccb7c32586d65d00240d5bd
                                                                                  • Instruction Fuzzy Hash: E4113FB2B0512757C7506A6E4C9CF6BA2749F85784B521E39FE10E73C0DA31CD05C6E1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D892D0B, Relevance: 6.1, APIs: 4, Instructions: 58COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockShared.BCCB(?,00000000,00000000,00000008,?,?,6D85FFD2,00000000,?,00000000,00000000,00000000,00001030,000000FF,?,00000000), ref: 6D892D24
                                                                                  • RtlAcquireSRWLockShared.BCCB(0000000C,?,00000000,00000000,00000008,?,?,6D85FFD2,00000000,?,00000000,00000000,00000000,00001030,000000FF,?), ref: 6D892D3C
                                                                                    • Part of subcall function 6D82FAD0: RtlDllShutdownInProgress.BCCB(00000000), ref: 6D82FB35
                                                                                    • Part of subcall function 6D82FAD0: ZwWaitForAlertByThreadId.BCCB(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6D82FBE3
                                                                                  • RtlReleaseSRWLockShared.BCCB(0000000C,0000000C,?,00000000,00000000,00000008,?,?,6D85FFD2,00000000,?), ref: 6D892D6A
                                                                                  • RtlReleaseSRWLockShared.BCCB(?,?,00000000,00000000,00000008,?,?,6D85FFD2,00000000,?,00000000,00000000,00000000,00001030,000000FF,?), ref: 6D892D95
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: LockShared$AcquireRelease$AlertProgressShutdownThreadWait
                                                                                  • String ID:
                                                                                  • API String ID: 276812241-0
                                                                                  • Opcode ID: bf606a245a4b87ac45ea5ff2e46cf175807c0f2422e59d37d298af857c791320
                                                                                  • Instruction ID: 00b101603d0ea1fbdd718ad97fe3deb2e6abea8473638f87bd5af15c3e630fdb
                                                                                  • Opcode Fuzzy Hash: bf606a245a4b87ac45ea5ff2e46cf175807c0f2422e59d37d298af857c791320
                                                                                  • Instruction Fuzzy Hash: 3411917150120A9BCB30CA5DD488FA6B3FCEB89758B514C5EE68AC7200D735ED45C7D0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D8B8061, Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 402COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: xl--$xn--
                                                                                  • API String ID: 0-2182639396
                                                                                  • Opcode ID: 9eb319e92ff8fd0eec59d7eb3f16f4f7178b1f7557f99313761121e37714d4f1
                                                                                  • Instruction ID: ba0d3976ec16b629254d69e57463a4b1fe9d599b8592ef708e50929247dc2a6e
                                                                                  • Opcode Fuzzy Hash: 9eb319e92ff8fd0eec59d7eb3f16f4f7178b1f7557f99313761121e37714d4f1
                                                                                  • Instruction Fuzzy Hash: CDE1A371E0421B9FDF14CFA8C8986ADB7B5FF88310F24886AE955EB340D7749982CB51
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6D88F2B7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • _wcsicmp.BCCB(?,?,-00000054,-00000054,00000000), ref: 6D88F2FB
                                                                                  • DbgPrint.BCCB(AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports ,?,?,-00000054,-00000054,00000000), ref: 6D88F323
                                                                                  Strings
                                                                                  • AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports , xrefs: 6D88F31E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000004.00000002.716058267.000000006D7E1000.00000020.00020000.sdmp, Offset: 6D7E0000, based on PE: true
                                                                                  • Associated: 00000004.00000002.716048459.000000006D7E0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716318975.000000006D8F5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716329080.000000006D8FB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 00000004.00000002.716338273.000000006D8FF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print_wcsicmp
                                                                                  • String ID: AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports
                                                                                  • API String ID: 2655330621-555053354
                                                                                  • Opcode ID: 068c7d0ca1e02d47d6340a8f2346e22ee2178024c6a7fa18969e8f113782d092
                                                                                  • Instruction ID: aef4fa292dd16a6fa368c7ccbe1488a1c20f2b7b16ac1ba681ee3e05d878e58b
                                                                                  • Opcode Fuzzy Hash: 068c7d0ca1e02d47d6340a8f2346e22ee2178024c6a7fa18969e8f113782d092
                                                                                  • Instruction Fuzzy Hash: BD212632904209EFDB11CF54D988B6CF7B5FFA5724F2549E8D8542B292D331AE41DB80
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Analysis Process: ahafdus PID: 4832 Parent PID: 6224 ahafdusCOMMON

                                                                                  Executed Functions

                                                                                  Function 004017CF, Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788206319.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b73f49d69ce8a83511e0385fdca7b9e6308d661dd6d68c6a301460ca41beaec2
                                                                                  • Instruction ID: cbbf32c5e2e10350ea02e432cad34c2c1c90d590ab6938e2c4876749d7290e64
                                                                                  • Opcode Fuzzy Hash: b73f49d69ce8a83511e0385fdca7b9e6308d661dd6d68c6a301460ca41beaec2
                                                                                  • Instruction Fuzzy Hash: E611C233208204AAD7017AA59C41EE93755AB44364F24C937F653B90E2D67ECB12A36B
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004017F6, Relevance: 3.1, APIs: 2, Instructions: 51sleepnativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 16%
                                                                                  			E004017F6(void* __eflags, void* __fp0, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t8;
				void* _t11;
				intOrPtr _t13;
				void* _t16;
				intOrPtr* _t17;
				void* _t20;
				void* _t21;
				void* _t22;
				intOrPtr* _t23;

				_t27 = __fp0;
				_t25 = __eflags;
				_t8 = 0x182a;
				L00401123(_t8, _t16, _t21, _t22, __eflags, __fp0);
				_t17 = _a4;
				Sleep(0x1388);
				_t11 = L0040135B(_t20, _t25, _t17, _a8, _a12,  &_v8); // executed
				_t26 = _t11;
				if(_t11 != 0) {
					_push(_a16);
					_push(_v8);
					_push(_t11);
					_push(_t17); // executed
					E00401434(_t20, __fp0); // executed
				}
				 *_t17(0xffffffff, 0); // executed
				_push(0x182a);
				_t13 =  *_t23;
				return L00401123(_t13, _t17, _t21, _t22, _t26, _t27);
			}

















                                                                                  0x004017f6
                                                                                  0x004017f6
                                                                                  0x0040180c
                                                                                  0x00401825
                                                                                  0x0040182a
                                                                                  0x00401832
                                                                                  0x00401840
                                                                                  0x00401845
                                                                                  0x00401847
                                                                                  0x00401849
                                                                                  0x0040184c
                                                                                  0x0040184f
                                                                                  0x00401850
                                                                                  0x00401851
                                                                                  0x00401851
                                                                                  0x0040185a
                                                                                  0x00401861
                                                                                  0x00401866
                                                                                  0x0040188e

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001388), ref: 00401832
                                                                                  • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040185A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788206319.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ProcessSleepTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 417527130-0
                                                                                  • Opcode ID: 6a7cf19de6761fce0083085474fd9223dd0ae502fe144c85d3bedb33ae351366
                                                                                  • Instruction ID: f44c0c678efd7cc1f0db04d016b1e08d4b92527be734d4edd411b9c4bc48f7d8
                                                                                  • Opcode Fuzzy Hash: 6a7cf19de6761fce0083085474fd9223dd0ae502fe144c85d3bedb33ae351366
                                                                                  • Instruction Fuzzy Hash: 57018F33608208E6EB017A919C41EAA362DAB44354F20C437FA13790F1D63DDB22636F
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040180F, Relevance: 3.0, APIs: 2, Instructions: 46sleepnativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 15%
                                                                                  			E0040180F(void* __ebx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t8;
				void* _t11;
				intOrPtr _t13;
				intOrPtr* _t17;
				void* _t21;
				void* _t25;
				void* _t27;
				intOrPtr* _t29;

				_t34 = __fp0;
				_t32 = __eflags;
				_t22 = __edi;
				_t25 = __esi + 1;
				asm("insb");
				_t8 = 0x182a;
				L00401123(_t8, __ebx, __edi, _t25, __eflags, __fp0);
				_t17 =  *((intOrPtr*)(_t27 + 8));
				Sleep(0x1388);
				_t11 = L0040135B(_t21, _t32, _t17,  *((intOrPtr*)(_t27 + 0xc)),  *((intOrPtr*)(_t27 + 0x10)), _t27 - 4); // executed
				_t33 = _t11;
				if(_t11 != 0) {
					_push( *((intOrPtr*)(_t27 + 0x14)));
					_push( *((intOrPtr*)(_t27 - 4)));
					_push(_t11);
					_push(_t17); // executed
					E00401434(_t21, __fp0); // executed
				}
				 *_t17(0xffffffff, 0); // executed
				_push(0x182a);
				_t13 =  *_t29;
				return L00401123(_t13, _t17, _t22, _t25, _t33, _t34);
			}











                                                                                  0x0040180f
                                                                                  0x0040180f
                                                                                  0x0040180f
                                                                                  0x0040180f
                                                                                  0x00401810
                                                                                  0x0040180c
                                                                                  0x00401825
                                                                                  0x0040182a
                                                                                  0x00401832
                                                                                  0x00401840
                                                                                  0x00401845
                                                                                  0x00401847
                                                                                  0x00401849
                                                                                  0x0040184c
                                                                                  0x0040184f
                                                                                  0x00401850
                                                                                  0x00401851
                                                                                  0x00401851
                                                                                  0x0040185a
                                                                                  0x00401861
                                                                                  0x00401866
                                                                                  0x0040188e

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001388), ref: 00401832
                                                                                  • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040185A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788206319.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ProcessSleepTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 417527130-0
                                                                                  • Opcode ID: b15120a212d8611f77249b5fd85c79ee98f4ca06b2b3712986372b675c672e64
                                                                                  • Instruction ID: 48acae04af8da51ef02e9849ebfc680ab818ef24d21f43ef1aab5928ff4008e5
                                                                                  • Opcode Fuzzy Hash: b15120a212d8611f77249b5fd85c79ee98f4ca06b2b3712986372b675c672e64
                                                                                  • Instruction Fuzzy Hash: F7F06D33608204E6DB057A919C41EAA3629EB44354F20D437FA13790F1D63DCB22676B
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00401801, Relevance: 3.0, APIs: 2, Instructions: 45sleepnativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 15%
                                                                                  			E00401801(void* __eax, void* __ebx, void* __ecx, void* __edi, void* __esi, void* __fp0) {
				void* _t9;
				void* _t12;
				intOrPtr _t14;
				intOrPtr* _t18;
				void* _t24;
				void* _t29;
				intOrPtr* _t31;
				void* _t34;

				_t36 = __fp0;
				_t27 = __esi;
				_t25 = __edi;
				_t34 = __eax - 0x41;
				asm("rol byte [ecx+0x49], 0xde");
				_t9 = 0x182a;
				L00401123(_t9, __ebx, __edi, __esi, _t34, __fp0);
				_t18 =  *((intOrPtr*)(_t29 + 8));
				Sleep(0x1388);
				_t12 = L0040135B(_t24, _t34, _t18,  *((intOrPtr*)(_t29 + 0xc)),  *((intOrPtr*)(_t29 + 0x10)), _t29 - 4); // executed
				_t35 = _t12;
				if(_t12 != 0) {
					_push( *((intOrPtr*)(_t29 + 0x14)));
					_push( *((intOrPtr*)(_t29 - 4)));
					_push(_t12);
					_push(_t18); // executed
					E00401434(_t24, __fp0); // executed
				}
				 *_t18(0xffffffff, 0); // executed
				_push(0x182a);
				_t14 =  *_t31;
				return L00401123(_t14, _t18, _t25, _t27, _t35, _t36);
			}











                                                                                  0x00401801
                                                                                  0x00401801
                                                                                  0x00401801
                                                                                  0x00401801
                                                                                  0x00401803
                                                                                  0x0040180c
                                                                                  0x00401825
                                                                                  0x0040182a
                                                                                  0x00401832
                                                                                  0x00401840
                                                                                  0x00401845
                                                                                  0x00401847
                                                                                  0x00401849
                                                                                  0x0040184c
                                                                                  0x0040184f
                                                                                  0x00401850
                                                                                  0x00401851
                                                                                  0x00401851
                                                                                  0x0040185a
                                                                                  0x00401861
                                                                                  0x00401866
                                                                                  0x0040188e

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001388), ref: 00401832
                                                                                  • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040185A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788206319.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ProcessSleepTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 417527130-0
                                                                                  • Opcode ID: 0b4fff528f7343fdf6ce3e90feea1017d92b5691bb2728036937f774f84db527
                                                                                  • Instruction ID: 119cae1355dad8a7e2970d485ac4cea4613771891b78224641446a0799fa45cc
                                                                                  • Opcode Fuzzy Hash: 0b4fff528f7343fdf6ce3e90feea1017d92b5691bb2728036937f774f84db527
                                                                                  • Instruction Fuzzy Hash: E401D133608204E6EB017A959C41EA9332AAB44354F20C437FA13B90F1D63DCB23636F
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00401813, Relevance: 3.0, APIs: 2, Instructions: 40sleepnativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 19%
                                                                                  			E00401813(void* __eax, void* __ebx, void* __edi, void* __esi, void* __fp0) {
				void* _t12;
				intOrPtr _t14;
				intOrPtr* _t18;
				void* _t22;
				void* _t27;
				intOrPtr* _t29;
				void* _t32;

				_t34 = __fp0;
				_t25 = __esi;
				_t23 = __edi;
				_t9 = __eax + 0xeb530ceb;
				_t32 = __eax + 0xeb530ceb;
				L00401123(_t9, __ebx, __edi, __esi, _t32, __fp0);
				_t18 =  *((intOrPtr*)(_t27 + 8));
				Sleep(0x1388);
				_t12 = L0040135B(_t22, _t32, _t18,  *((intOrPtr*)(_t27 + 0xc)),  *((intOrPtr*)(_t27 + 0x10)), _t27 - 4); // executed
				_t33 = _t12;
				if(_t12 != 0) {
					_push( *((intOrPtr*)(_t27 + 0x14)));
					_push( *((intOrPtr*)(_t27 - 4)));
					_push(_t12);
					_push(_t18); // executed
					E00401434(_t22, __fp0); // executed
				}
				 *_t18(0xffffffff, 0); // executed
				_push(0x182a);
				_t14 =  *_t29;
				return L00401123(_t14, _t18, _t23, _t25, _t33, _t34);
			}










                                                                                  0x00401813
                                                                                  0x00401813
                                                                                  0x00401813
                                                                                  0x00401813
                                                                                  0x00401813
                                                                                  0x00401825
                                                                                  0x0040182a
                                                                                  0x00401832
                                                                                  0x00401840
                                                                                  0x00401845
                                                                                  0x00401847
                                                                                  0x00401849
                                                                                  0x0040184c
                                                                                  0x0040184f
                                                                                  0x00401850
                                                                                  0x00401851
                                                                                  0x00401851
                                                                                  0x0040185a
                                                                                  0x00401861
                                                                                  0x00401866
                                                                                  0x0040188e

                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001388), ref: 00401832
                                                                                  • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040185A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788206319.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ProcessSleepTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 417527130-0
                                                                                  • Opcode ID: 63528e0b3e8530a06502082b2d99fd6855e4d61733b598eccadb50dbd4e00aa0
                                                                                  • Instruction ID: c56155a672da13c71d9fce5e41de725e450be6a981e5abff0929b3f9d7449b23
                                                                                  • Opcode Fuzzy Hash: 63528e0b3e8530a06502082b2d99fd6855e4d61733b598eccadb50dbd4e00aa0
                                                                                  • Instruction Fuzzy Hash: E5F04F33648208EBDB047A959C41EAA3329AB44354F248437FA12791E1C63DCB22A76B
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00401820, Relevance: 3.0, APIs: 2, Instructions: 40sleepnativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(00001388), ref: 00401832
                                                                                  • NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 0040185A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788206319.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                  Similarity
                                                                                  • API ID: ProcessSleepTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 417527130-0
                                                                                  • Opcode ID: 0b233a373609587fd224fb939b9a75234c43ffa1b5ed46427ab1088abd2792a2
                                                                                  • Instruction ID: e8af3458e311d1aad7381624eb2d4812aedbb4c11a195dc2f5e0b7f7a2a653d5
                                                                                  • Opcode Fuzzy Hash: 0b233a373609587fd224fb939b9a75234c43ffa1b5ed46427ab1088abd2792a2
                                                                                  • Instruction Fuzzy Hash: 62F06233604104EBDB017F919C41EAE3629EB44354F248437FB12791E2C63DCB22675B
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F53967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6F581C65,000000FF,00000007,?,00000004,00000000,?,?,?,6F581951,00000065,00000000,?,6F580C5E,?,00000000), ref: 6F539694
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: bf81fa3e7751effe59b0598fab4a01388f20aedd039fd9fef1fbc1779dfb90aa
                                                                                  • Instruction ID: e61ca899e7201b106b84ae034018a57c3046d8c10e7a3f423496c3f812ee9051
                                                                                  • Opcode Fuzzy Hash: bf81fa3e7751effe59b0598fab4a01388f20aedd039fd9fef1fbc1779dfb90aa
                                                                                  • Instruction Fuzzy Hash: B6B09BF2D464D5C5D705D76446087177E557BD0741F16C071E1020A41E4778D491F5B5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F539780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6F581A79,?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?,?,00000004), ref: 6F53978A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: acdad2a96c4a2165f7258e656a1d8dc78591794a154076c86dedb4fd363f69d4
                                                                                  • Instruction ID: 48d68b4ab280ddd1ec6d61c9cba73f5cd5beff17cd011e97e5ac1499b917c98b
                                                                                  • Opcode Fuzzy Hash: acdad2a96c4a2165f7258e656a1d8dc78591794a154076c86dedb4fd363f69d4
                                                                                  • Instruction Fuzzy Hash: 4D9002B935300002D284B159540860A044657E1342F91D435B0005958CC9658C6A6361
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F539660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6F5818BF,000000FF,00000000,00000000,0000000C,00001000,00000004,6F5D0810,0000001C,6F581616), ref: 6F53966A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 127e026d92e2b4400dac3ecd71847eb23f3b963b1f6904c871e283bf4d52a5d1
                                                                                  • Instruction ID: 3f2e4ad0ccff680095283d0acd8f76fec7cd73a882b1c9bbff6c790efd4e69b1
                                                                                  • Opcode Fuzzy Hash: 127e026d92e2b4400dac3ecd71847eb23f3b963b1f6904c871e283bf4d52a5d1
                                                                                  • Instruction Fuzzy Hash: 0C9002B134100802D284B159440464A044657E1341F91C035B0015A54DCA658E5A77E1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F539600, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6F531119,?,?,00000018,?), ref: 6F53960A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 86bd8cdeabdd0c638d00dacdb5844eea8d2fd278624ce1f9298b040a46702e4f
                                                                                  • Instruction ID: eda2a383d6bb8daad292e48445fdb8ebc95ee4154161bbebb1631db0de4924dd
                                                                                  • Opcode Fuzzy Hash: 86bd8cdeabdd0c638d00dacdb5844eea8d2fd278624ce1f9298b040a46702e4f
                                                                                  • Instruction Fuzzy Hash: 289002B134100442D204A2594404B4A454667F0341F51C035B0404A54D85A58C627161
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5399A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6F581A59,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6F5399AA
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: a2a92ea2cb71a71c99eaab0820e2f19b45f97632e36f2156dbf27ccfba873aae
                                                                                  • Instruction ID: b38c3293431922e951bb929e5b5ac0d936c36b824f897b80065ab8eef0cb533a
                                                                                  • Opcode Fuzzy Hash: a2a92ea2cb71a71c99eaab0820e2f19b45f97632e36f2156dbf27ccfba873aae
                                                                                  • Instruction Fuzzy Hash: 5F9002F138100442D204A1594414B06044697F1341F51C035F1054954D8669CC537166
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F539860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6F5815BB,00000073,?,00000008,00000000,?,00000568), ref: 6F53986A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 3a060f6d46bfef6ad2afb5be6403098cfd8f92fff71a763d45b794dda27c6132
                                                                                  • Instruction ID: b5a125ab88e1c3baf6b189981359f513102802f3a6f7ad4850c08d5b3145e33a
                                                                                  • Opcode Fuzzy Hash: 3a060f6d46bfef6ad2afb5be6403098cfd8f92fff71a763d45b794dda27c6132
                                                                                  • Instruction Fuzzy Hash: A39002B134100413D215A1594504707044A57E0381F91C432B0414958D96A68D53B161
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F539820, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6F552EA4,?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\,?,?,00000002,?), ref: 6F53982A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 5903fb75d4d064498c6cb480f117b165bcfc8146a5c7238858060bd211928ad2
                                                                                  • Instruction ID: 312be784d83b1db402585c87fafb65139beefa3da4e2f6430aeb11d4f5bfc704
                                                                                  • Opcode Fuzzy Hash: 5903fb75d4d064498c6cb480f117b165bcfc8146a5c7238858060bd211928ad2
                                                                                  • Instruction Fuzzy Hash: D69002B138100402D245B1594404606044A67E0381F91C032B0414954E86A58E57BAA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5398C0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • LdrInitializeThunk.NTDLL(6F58108E,000000FF,000000FF,000000FF,?,001FFFFF,00000002,00000000,6F5D07D0,00000058,6F580C91,?,00000000,?,00000000), ref: 6F5398CA
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: fe0bb48bfd0673527f1a4265709c5580b0de60c75526c5018ff26ea52cea8a46
                                                                                  • Instruction ID: 218da9d04721479f63c5e562f3b99c51e6fb5a107152ce93c9e3d24bf30c4cea
                                                                                  • Opcode Fuzzy Hash: fe0bb48bfd0673527f1a4265709c5580b0de60c75526c5018ff26ea52cea8a46
                                                                                  • Instruction Fuzzy Hash: 909002B134100482E205A1594404F06144A57F0381F91C036B1019964D8665CD53B265
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Non-executed Functions

                                                                                  Function 6F5B4496, Relevance: 45.9, APIs: 18, Strings: 8, Instructions: 417memorynativeCOMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 55%
                                                                                  			E6F5B4496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E6F5B49A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0x6f5e6378 = _t267;
						asm("int3");
						 *0x6f5e6378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E6F52174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E6F4FB150();
							} else {
								E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E6F4FB150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E6F4FB150();
							} else {
								E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E6F4FB150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0x6f5e6350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E6F539660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E6F52174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E6F4FB150();
										} else {
											E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_push( *((intOrPtr*)(_t330 + 8)));
										_push(_t330 + 0x10);
										E6F4FB150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E6F4FB150();
									} else {
										E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E6F4FB150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E6F4FB150();
								} else {
									E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E6F4FB150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E6F4FB150();
							} else {
								E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E6F5B4AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E6F5AFA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E6F5A23E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}



























































                                                                                  0x6f5b44a1
                                                                                  0x6f5b44a3
                                                                                  0x6f5b44a7
                                                                                  0x6f5b44ac
                                                                                  0x6f5b44af
                                                                                  0x6f5b44b2
                                                                                  0x6f5b44b9
                                                                                  0x6f5b44bc
                                                                                  0x6f5b47f2
                                                                                  0x6f5b47f2
                                                                                  0x6f5b47f8
                                                                                  0x6f5b47fc
                                                                                  0x6f5b47fe
                                                                                  0x6f5b4804
                                                                                  0x6f5b4805
                                                                                  0x6f5b4805
                                                                                  0x6f5b480c
                                                                                  0x6f5b4810
                                                                                  0x6f5b4812
                                                                                  0x6f5b4812
                                                                                  0x6f5b4812
                                                                                  0x6f5b4822
                                                                                  0x6f5b4822
                                                                                  0x6f5b4827
                                                                                  0x6f5b4827
                                                                                  0x00000000
                                                                                  0x6f5b4827
                                                                                  0x6f5b44c4
                                                                                  0x6f5b44d3
                                                                                  0x6f5b44d9
                                                                                  0x6f5b44dc
                                                                                  0x6f5b44de
                                                                                  0x6f5b44e0
                                                                                  0x6f5b4560
                                                                                  0x6f5b4520
                                                                                  0x6f5b4522
                                                                                  0x6f5b4525
                                                                                  0x6f5b4528
                                                                                  0x6f5b452b
                                                                                  0x6f5b452e
                                                                                  0x6f5b4530
                                                                                  0x6f5b4697
                                                                                  0x6f5b469d
                                                                                  0x6f5b46a1
                                                                                  0x6f5b46c0
                                                                                  0x6f5b46c5
                                                                                  0x6f5b46a3
                                                                                  0x6f5b46b8
                                                                                  0x6f5b46bd
                                                                                  0x6f5b46cb
                                                                                  0x6f5b46d4
                                                                                  0x6f5b4677
                                                                                  0x6f5b4677
                                                                                  0x6f5b4679
                                                                                  0x6f5b467c
                                                                                  0x6f5b468a
                                                                                  0x6f5b4690
                                                                                  0x6f5b4690
                                                                                  0x6f5b47f1
                                                                                  0x6f5b47f1
                                                                                  0x6f5b47f1
                                                                                  0x00000000
                                                                                  0x6f5b47f1
                                                                                  0x6f5b4536
                                                                                  0x6f5b4539
                                                                                  0x6f5b453c
                                                                                  0x6f5b4636
                                                                                  0x6f5b463c
                                                                                  0x6f5b4640
                                                                                  0x6f5b465f
                                                                                  0x6f5b4664
                                                                                  0x6f5b4642
                                                                                  0x6f5b4657
                                                                                  0x6f5b465c
                                                                                  0x6f5b4670
                                                                                  0x00000000
                                                                                  0x6f5b4542
                                                                                  0x6f5b4542
                                                                                  0x6f5b4546
                                                                                  0x6f5b4548
                                                                                  0x6f5b454b
                                                                                  0x6f5b4555
                                                                                  0x6f5b455b
                                                                                  0x6f5b455b
                                                                                  0x6f5b455b
                                                                                  0x6f5b455d
                                                                                  0x6f5b455d
                                                                                  0x6f5b455d
                                                                                  0x00000000
                                                                                  0x6f5b455d
                                                                                  0x6f5b453c
                                                                                  0x6f5b4579
                                                                                  0x6f5b457c
                                                                                  0x6f5b4587
                                                                                  0x6f5b4589
                                                                                  0x6f5b4591
                                                                                  0x6f5b4592
                                                                                  0x6f5b4597
                                                                                  0x6f5b4598
                                                                                  0x6f5b45a1
                                                                                  0x6f5b45ab
                                                                                  0x6f5b45ab
                                                                                  0x6f5b45a1
                                                                                  0x6f5b45ae
                                                                                  0x6f5b45b4
                                                                                  0x6f5b45b9
                                                                                  0x6f5b45bd
                                                                                  0x6f5b4759
                                                                                  0x6f5b4759
                                                                                  0x6f5b475f
                                                                                  0x6f5b4761
                                                                                  0x6f5b4763
                                                                                  0x6f5b4765
                                                                                  0x6f5b4768
                                                                                  0x6f5b476b
                                                                                  0x6f5b476d
                                                                                  0x6f5b479c
                                                                                  0x6f5b479c
                                                                                  0x6f5b479f
                                                                                  0x6f5b47a2
                                                                                  0x6f5b47a4
                                                                                  0x6f5b4830
                                                                                  0x6f5b4833
                                                                                  0x6f5b4879
                                                                                  0x6f5b487d
                                                                                  0x6f5b48f1
                                                                                  0x6f5b48f3
                                                                                  0x6f5b48f3
                                                                                  0x00000000
                                                                                  0x6f5b48f3
                                                                                  0x6f5b487f
                                                                                  0x6f5b4885
                                                                                  0x6f5b4887
                                                                                  0x6f5b48a8
                                                                                  0x6f5b48a8
                                                                                  0x6f5b48ae
                                                                                  0x6f5b48b0
                                                                                  0x6f5b48dc
                                                                                  0x6f5b48dc
                                                                                  0x6f5b48dc
                                                                                  0x6f5b48dc
                                                                                  0x6f5b48ec
                                                                                  0x00000000
                                                                                  0x6f5b48ec
                                                                                  0x6f5b48b2
                                                                                  0x6f5b48bc
                                                                                  0x6f5b48be
                                                                                  0x6f5b48c1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5b48c3
                                                                                  0x6f5b48c3
                                                                                  0x6f5b48c6
                                                                                  0x6f5b48c9
                                                                                  0x6f5b48cc
                                                                                  0x6f5b48d1
                                                                                  0x6f5b48d4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5b48d6
                                                                                  0x6f5b48d7
                                                                                  0x6f5b48da
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5b48da
                                                                                  0x6f5b494f
                                                                                  0x6f5b4955
                                                                                  0x6f5b4959
                                                                                  0x6f5b4978
                                                                                  0x6f5b497d
                                                                                  0x6f5b495b
                                                                                  0x6f5b4970
                                                                                  0x6f5b4975
                                                                                  0x6f5b4986
                                                                                  0x6f5b4987
                                                                                  0x6f5b498d
                                                                                  0x6f5b4990
                                                                                  0x6f5b4997
                                                                                  0x6f5b47ef
                                                                                  0x6f5b47ef
                                                                                  0x6f5b47ef
                                                                                  0x00000000
                                                                                  0x6f5b47ef
                                                                                  0x6f5b4890
                                                                                  0x6f5b4890
                                                                                  0x6f5b4891
                                                                                  0x6f5b4891
                                                                                  0x6f5b4894
                                                                                  0x6f5b4897
                                                                                  0x6f5b489d
                                                                                  0x6f5b48a0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5b48a2
                                                                                  0x6f5b48a3
                                                                                  0x6f5b48a6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5b48a6
                                                                                  0x6f5b48fb
                                                                                  0x6f5b4901
                                                                                  0x6f5b4905
                                                                                  0x6f5b4924
                                                                                  0x6f5b4929
                                                                                  0x6f5b4907
                                                                                  0x6f5b491c
                                                                                  0x6f5b4921
                                                                                  0x6f5b492f
                                                                                  0x6f5b4935
                                                                                  0x6f5b4936
                                                                                  0x6f5b4939
                                                                                  0x6f5b4942
                                                                                  0x00000000
                                                                                  0x6f5b4947
                                                                                  0x6f5b4835
                                                                                  0x6f5b483b
                                                                                  0x6f5b483f
                                                                                  0x6f5b485e
                                                                                  0x6f5b4863
                                                                                  0x6f5b4841
                                                                                  0x6f5b4856
                                                                                  0x6f5b485b
                                                                                  0x6f5b4869
                                                                                  0x6f5b486c
                                                                                  0x6f5b486f
                                                                                  0x6f5b47e7
                                                                                  0x6f5b47e7
                                                                                  0x00000000
                                                                                  0x6f5b47ec
                                                                                  0x6f5b47aa
                                                                                  0x6f5b47b0
                                                                                  0x6f5b47b4
                                                                                  0x6f5b47d3
                                                                                  0x6f5b47d8
                                                                                  0x6f5b47b6
                                                                                  0x6f5b47cb
                                                                                  0x6f5b47d0
                                                                                  0x6f5b47de
                                                                                  0x6f5b47df
                                                                                  0x6f5b47e2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5b476f
                                                                                  0x6f5b476f
                                                                                  0x6f5b4778
                                                                                  0x6f5b4785
                                                                                  0x6f5b4787
                                                                                  0x6f5b478c
                                                                                  0x6f5b478e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5b4790
                                                                                  0x6f5b4792
                                                                                  0x6f5b4794
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5b4796
                                                                                  0x6f5b4799
                                                                                  0x00000000
                                                                                  0x6f5b4799
                                                                                  0x00000000
                                                                                  0x6f5b45c3
                                                                                  0x6f5b45c3
                                                                                  0x6f5b45c7
                                                                                  0x6f5b45c7
                                                                                  0x6f5b45ca
                                                                                  0x6f5b45cf
                                                                                  0x6f5b45d3
                                                                                  0x6f5b45df
                                                                                  0x6f5b45e4
                                                                                  0x6f5b45e6
                                                                                  0x6f5b45e8
                                                                                  0x6f5b45ed
                                                                                  0x6f5b45ed
                                                                                  0x6f5b45f2
                                                                                  0x6f5b45f2
                                                                                  0x6f5b45f7
                                                                                  0x6f5b45fc
                                                                                  0x6f5b4602
                                                                                  0x6f5b4606
                                                                                  0x6f5b4609
                                                                                  0x6f5b460f
                                                                                  0x6f5b46de
                                                                                  0x6f5b46e3
                                                                                  0x6f5b46e5
                                                                                  0x6f5b46ec
                                                                                  0x6f5b46ee
                                                                                  0x6f5b46f6
                                                                                  0x6f5b46f6
                                                                                  0x6f5b46f6
                                                                                  0x6f5b46f6
                                                                                  0x6f5b46ec
                                                                                  0x6f5b4615
                                                                                  0x6f5b4615
                                                                                  0x6f5b461d
                                                                                  0x6f5b462e
                                                                                  0x6f5b462e
                                                                                  0x6f5b461d
                                                                                  0x6f5b460f
                                                                                  0x6f5b4609
                                                                                  0x6f5b46fd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5b4710
                                                                                  0x6f5b471a
                                                                                  0x6f5b4720
                                                                                  0x6f5b4720
                                                                                  0x6f5b4722
                                                                                  0x6f5b472c
                                                                                  0x00000000
                                                                                  0x6f5b472e
                                                                                  0x6f5b472e
                                                                                  0x00000000
                                                                                  0x6f5b472e
                                                                                  0x6f5b472c
                                                                                  0x6f5b4738
                                                                                  0x6f5b473c
                                                                                  0x6f5b474b
                                                                                  0x6f5b4751
                                                                                  0x6f5b4751
                                                                                  0x00000000
                                                                                  0x6f5b473c
                                                                                  0x6f5b48f4
                                                                                  0x6f5b48f4
                                                                                  0x00000000
                                                                                  0x6f5b48f4

                                                                                  APIs
                                                                                    • Part of subcall function 6F5B49A4: ZwAllocateVirtualMemory.BCCB(000000FF,?,00000000,?,00001000,00000004,00000000,?,00000000,?,?,6F5B44B7,?), ref: 6F5B49DF
                                                                                    • Part of subcall function 6F5B49A4: RtlCompareMemory.BCCB(?,01000000,?,00000000,?,00000000,?,?,6F5B44B7,?), ref: 6F5B49FE
                                                                                    • Part of subcall function 6F5B49A4: DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?), ref: 6F5B4A42
                                                                                    • Part of subcall function 6F5B49A4: DbgPrint.BCCB(Heap %p - headers modified (%p is %lx instead of %lx),?,HEAP: ,HEAP: ,00000000,?), ref: 6F5B4A66
                                                                                  • ZwAllocateVirtualMemory.BCCB(000000FF,?,00000000,?,00001000,00000004), ref: 6F5B459A
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20,0000001C), ref: 6F5B4657
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20,0000001C,6F54F07A), ref: 6F5B4664
                                                                                  • DbgPrint.BCCB(Non-Dedicated free list element %p is out of order,-00000008,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20,0000001C), ref: 6F5B4670
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20,0000001C), ref: 6F5B46B8
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20,0000001C,6F54F07A), ref: 6F5B46C5
                                                                                  • DbgPrint.BCCB(dedicated (%04Ix) free list element %p is marked busy,00000000,-00000008,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20), ref: 6F5B46D4
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20,0000001C), ref: 6F5B47CB
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20,0000001C,6F54F07A), ref: 6F5B47D8
                                                                                  • DbgPrint.BCCB(Total size of free blocks in arena (%Id) does not match number total in heap header (%Id),?,?,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20), ref: 6F5B47E7
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20,0000001C), ref: 6F5B4856
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20,0000001C,6F54F07A), ref: 6F5B4863
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20,0000001C), ref: 6F5B491C
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20,0000001C,6F54F07A), ref: 6F5B4929
                                                                                  • DbgPrint.BCCB(Pseudo Tag %04x size incorrect (%Ix != %Ix) %p,?,00000000,00000000,00000000), ref: 6F5B4942
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20,0000001C), ref: 6F5B4970
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20,0000001C,6F54F07A), ref: 6F5B497D
                                                                                  • DbgPrint.BCCB(Tag %04x (%ws) size incorrect (%Ix != %Ix) %p,?,?,00000000,?,?), ref: 6F5B4997
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$Memory$AllocateVirtual$Compare
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                                                                  • API String ID: 1841224210-1357697941
                                                                                  • Opcode ID: 93a0db5c407380e41da686859faed31ee34d39c3068b040ff35969f4db24ec8d
                                                                                  • Instruction ID: a6caca5c9ffcaedf868cb47bcdd15acac50ebd2f32290b823e85f9b5eb3b89c5
                                                                                  • Opcode Fuzzy Hash: 93a0db5c407380e41da686859faed31ee34d39c3068b040ff35969f4db24ec8d
                                                                                  • Instruction Fuzzy Hash: 84F10431900A86DFCB25CF68C460FAAB7F5FF46308F11856EE49597A81D730AD46CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F8239, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 233nativememoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 72%
                                                                                  			E6F4F8239(signed int* __ecx, long* __edx, signed int _a4) {
				signed int _v12;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				char _v560;
				signed int _v564;
				long _v568;
				long _v572;
				intOrPtr _v576;
				short _v578;
				void* _v580;
				signed int _v584;
				intOrPtr _v586;
				void* _v588;
				void* _v592;
				void* _v596;
				intOrPtr _v600;
				long* _v604;
				signed int* _v608;
				intOrPtr _v612;
				short _v614;
				void* _v616;
				signed int _v620;
				signed int _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				signed int _v636;
				char _v640;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t94;
				void* _t99;
				long _t118;
				intOrPtr _t125;
				short _t126;
				signed int* _t137;
				void* _t138;
				intOrPtr _t143;
				void* _t145;
				void* _t147;
				void* _t148;
				void* _t150;
				signed int _t151;
				void* _t152;
				signed int _t154;

				_t149 = __edx;
				_v12 =  *0x6f5ed360 ^ _t154;
				_v564 = _v564 & 0x00000000;
				_t151 = _a4;
				_t137 = __ecx;
				_v604 = __edx;
				_v608 = __ecx;
				_t150 = 0;
				_v568 = 0x220;
				_v592 =  &_v560;
				if(E6F506D30( &_v580, L"UseFilter") < 0) {
					L4:
					return E6F53B640(_t89, _t137, _v12 ^ _t154, _t149, _t150, _t151);
				}
				_push( &_v572);
				_push(0x220);
				_push( &_v560);
				_push(2);
				_push( &_v580);
				_push( *_t137);
				_t89 = E6F539650();
				if(_t89 >= 0) {
					if(_v556 != 4 || _v552 != 4 || _v548 == 0) {
						L3:
						_t89 = 0;
					} else {
						_t94 =  *_t151;
						_t151 =  *(_t151 + 4);
						_v588 = _t94;
						_v584 = _t151;
						if(E6F506D30( &_v580, L"\\??\\") < 0) {
							goto L4;
						}
						if(RtlPrefixUnicodeString( &_v580,  &_v588, 1) != 0) {
							_v588 = _v588 + 0xfff8;
							_v586 = _v586 + 0xfff8;
							_v584 = _t151 + 8;
						}
						_t99 =  &_v560;
						_t143 = 0;
						_v596 = _t99;
						_v600 = 0;
						do {
							_t149 =  &_v572;
							_push( &_v572);
							_push(_v568);
							_push(_t99);
							_push(0);
							_push(_t143);
							_push( *_t137);
							_t151 = E6F539820();
							if(_t151 < 0) {
								goto L37;
							}
							_t145 = _v596;
							_v580 =  *((intOrPtr*)(_t145 + 0xc));
							_v624 = _v624 & 0x00000000;
							_v620 = _v620 & 0x00000000;
							_v578 =  *((intOrPtr*)(_t145 + 0xc));
							_v576 = _t145 + 0x10;
							_v636 =  *_t137;
							_v632 =  &_v580;
							_push( &_v640);
							_push(_v604);
							_v640 = 0x18;
							_push( &_v564);
							_v628 = 0x240;
							_t151 = E6F539600();
							if(_t151 < 0) {
								goto L37;
							}
							_t151 = E6F506D30( &_v580, L"FilterFullPath");
							if(_t151 < 0) {
								L36:
								_push(_v564);
								E6F5395D0();
								goto L37;
							}
							_t138 = _v592;
							_t118 = _v568;
							do {
								_push( &_v572);
								_push(_t118);
								_push(_t138);
								_push(2);
								_push( &_v580);
								_push(_v564);
								_t152 = E6F539650();
								if(_t152 == 0x80000005 || _t152 == 0xc0000023) {
									if(_t150 != 0) {
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t150);
									}
									_t147 =  *( *[fs:0x30] + 0x18);
									if(_t147 != 0) {
										_t150 = RtlAllocateHeap(_t147,  *0x6f5e7b9c + 0x180000, _v572);
										if(_t150 == 0) {
											goto L25;
										}
										_t118 = _v572;
										_t138 = _t150;
										_v596 = _t150;
										_v568 = _t118;
										goto L27;
									} else {
										_t150 = 0;
										L25:
										_t151 = 0xc0000017;
										goto L26;
									}
								} else {
									L26:
									_t118 = _v568;
								}
								L27:
							} while (_t151 == 0x80000005 || _t151 == 0xc0000023);
							_v592 = _t138;
							_t137 = _v608;
							if(_t151 >= 0) {
								_t148 = _v592;
								if( *((intOrPtr*)(_t148 + 4)) != 1) {
									goto L36;
								}
								_t125 =  *((intOrPtr*)(_t148 + 8));
								if(_t125 > 0xfffe) {
									goto L36;
								}
								_t126 = _t125 + 0xfffffffe;
								_v616 = _t126;
								_v614 = _t126;
								_v612 = _t148 + 0xc;
								if(RtlCompareUnicodeString( &_v588,  &_v616, 1) == 0) {
									break;
								}
								goto L36;
							}
							_push(_v564);
							E6F5395D0();
							_t65 = _t151 + 0x3fffffcc; // 0x3fffffcc
							asm("sbb eax, eax");
							_t151 = _t151 &  ~_t65;
							L37:
							_t99 = _v596;
							_t143 = _v600 + 1;
							_v600 = _t143;
						} while (_t151 >= 0);
						if(_t150 != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t150);
						}
						if(_t151 >= 0) {
							_push( *_t137);
							E6F5395D0();
							 *_t137 = _v564;
						}
						_t85 = _t151 + 0x7fffffe6; // 0x7fffffe6
						asm("sbb eax, eax");
						_t89 =  ~_t85 & _t151;
					}
					goto L4;
				}
				if(_t89 != 0xc0000034) {
					if(_t89 == 0xc0000023) {
						goto L3;
					}
					if(_t89 != 0x80000005) {
						goto L4;
					}
				}
				goto L3;
			}

















































                                                                                  0x6f4f8239
                                                                                  0x6f4f824b
                                                                                  0x6f4f824e
                                                                                  0x6f4f825d
                                                                                  0x6f4f8260
                                                                                  0x6f4f826e
                                                                                  0x6f4f8275
                                                                                  0x6f4f827b
                                                                                  0x6f4f827d
                                                                                  0x6f4f8287
                                                                                  0x6f4f8294
                                                                                  0x6f4f82ce
                                                                                  0x6f4f82de
                                                                                  0x6f4f82de
                                                                                  0x6f4f829c
                                                                                  0x6f4f829d
                                                                                  0x6f4f82a8
                                                                                  0x6f4f82a9
                                                                                  0x6f4f82b1
                                                                                  0x6f4f82b2
                                                                                  0x6f4f82b4
                                                                                  0x6f4f82bb
                                                                                  0x6f552dfa
                                                                                  0x6f4f82cc
                                                                                  0x6f4f82cc
                                                                                  0x6f552e19
                                                                                  0x6f552e19
                                                                                  0x6f552e1b
                                                                                  0x6f552e1e
                                                                                  0x6f552e30
                                                                                  0x6f552e3d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f552e5a
                                                                                  0x6f552e61
                                                                                  0x6f552e68
                                                                                  0x6f552e72
                                                                                  0x6f552e72
                                                                                  0x6f552e78
                                                                                  0x6f552e7e
                                                                                  0x6f552e80
                                                                                  0x6f552e86
                                                                                  0x6f552e8c
                                                                                  0x6f552e8c
                                                                                  0x6f552e92
                                                                                  0x6f552e93
                                                                                  0x6f552e99
                                                                                  0x6f552e9a
                                                                                  0x6f552e9c
                                                                                  0x6f552e9d
                                                                                  0x6f552ea4
                                                                                  0x6f552ea8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f552eae
                                                                                  0x6f552eb8
                                                                                  0x6f552ec3
                                                                                  0x6f552eca
                                                                                  0x6f552ed1
                                                                                  0x6f552edb
                                                                                  0x6f552ee3
                                                                                  0x6f552eef
                                                                                  0x6f552efb
                                                                                  0x6f552efc
                                                                                  0x6f552f08
                                                                                  0x6f552f12
                                                                                  0x6f552f13
                                                                                  0x6f552f22
                                                                                  0x6f552f26
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f552f3d
                                                                                  0x6f552f41
                                                                                  0x6f553069
                                                                                  0x6f553069
                                                                                  0x6f55306f
                                                                                  0x00000000
                                                                                  0x6f55306f
                                                                                  0x6f552f47
                                                                                  0x6f552f4d
                                                                                  0x6f552f53
                                                                                  0x6f552f59
                                                                                  0x6f552f5a
                                                                                  0x6f552f5b
                                                                                  0x6f552f5c
                                                                                  0x6f552f64
                                                                                  0x6f552f65
                                                                                  0x6f552f70
                                                                                  0x6f552f78
                                                                                  0x6f552f84
                                                                                  0x6f552f92
                                                                                  0x6f552f92
                                                                                  0x6f552f9d
                                                                                  0x6f552fa2
                                                                                  0x6f553004
                                                                                  0x6f553008
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f55300a
                                                                                  0x6f553010
                                                                                  0x6f553012
                                                                                  0x6f553018
                                                                                  0x00000000
                                                                                  0x6f552fa4
                                                                                  0x6f552fa4
                                                                                  0x6f552fa6
                                                                                  0x6f552fa6
                                                                                  0x00000000
                                                                                  0x6f552fa6
                                                                                  0x6f552fab
                                                                                  0x6f552fab
                                                                                  0x6f552fab
                                                                                  0x6f552fab
                                                                                  0x6f552fb1
                                                                                  0x6f552fb1
                                                                                  0x6f552fc1
                                                                                  0x6f552fc7
                                                                                  0x6f552fcf
                                                                                  0x6f553020
                                                                                  0x6f55302a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f55302c
                                                                                  0x6f553034
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f553036
                                                                                  0x6f553039
                                                                                  0x6f553040
                                                                                  0x6f55304a
                                                                                  0x6f553067
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f553067
                                                                                  0x6f552fd1
                                                                                  0x6f552fd7
                                                                                  0x6f552fdc
                                                                                  0x6f552fe4
                                                                                  0x6f552fe6
                                                                                  0x6f553074
                                                                                  0x6f55307a
                                                                                  0x6f553080
                                                                                  0x6f553081
                                                                                  0x6f553087
                                                                                  0x6f553091
                                                                                  0x6f55309f
                                                                                  0x6f55309f
                                                                                  0x6f5530a6
                                                                                  0x6f5530a8
                                                                                  0x6f5530aa
                                                                                  0x6f5530b5
                                                                                  0x6f5530b5
                                                                                  0x6f5530b7
                                                                                  0x6f5530bf
                                                                                  0x6f5530c1
                                                                                  0x6f5530c1
                                                                                  0x00000000
                                                                                  0x6f552dfa
                                                                                  0x6f4f82c6
                                                                                  0x6f552ddd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f552de8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f552dee
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlInitUnicodeStringEx.BCCB(?,UseFilter,?,00000000,?), ref: 6F4F828D
                                                                                  • ZwQueryValueKey.BCCB(?,?,00000002,?,00000220,?,?,UseFilter,?,00000000,?), ref: 6F4F82B4
                                                                                  • RtlInitUnicodeStringEx.BCCB(?,\??\,?,?,00000002,?,00000220,?,?,UseFilter,?,00000000,?), ref: 6F552E36
                                                                                  • RtlPrefixUnicodeString.BCCB(?,?,00000001,?,\??\,?,?,00000002,?,00000220,?,?,UseFilter,?,00000000,?), ref: 6F552E53
                                                                                  • ZwEnumerateKey.BCCB(?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\,?,?,00000002,?,00000220), ref: 6F552E9F
                                                                                  • ZwOpenKey.BCCB(00000000,?,?,?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\,?,?), ref: 6F552F1D
                                                                                  • RtlInitUnicodeStringEx.BCCB(?,FilterFullPath,00000000,?,?,?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\), ref: 6F552F38
                                                                                  • ZwQueryValueKey.BCCB(00000000,?,00000002,?,00000220,?,?,FilterFullPath,00000000,?,?,?,00000000,00000000,?,00000220), ref: 6F552F6B
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,?,00000002,?,00000220,?,?,FilterFullPath,00000000,?,?,?,00000000), ref: 6F552F92
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: StringUnicode$Init$QueryValue$EnumerateFreeHeapOpenPrefix
                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                  • API String ID: 941260810-2779062949
                                                                                  • Opcode ID: 456a96ba56a8882f8e9626cdb48e03f39644f511dbb302c3425f477ca45be9fd
                                                                                  • Instruction ID: ed9bca7d0c22832c50ee9e3094c6b6a978b5f95e438dc7db5e725ac7403e2917
                                                                                  • Opcode Fuzzy Hash: 456a96ba56a8882f8e9626cdb48e03f39644f511dbb302c3425f477ca45be9fd
                                                                                  • Instruction Fuzzy Hash: 68A18D729016299BDB21DF28CC88BD9B7B8EF45714F0101EAE90CEB250E735AE85CF50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F40FD, Relevance: 31.7, APIs: 11, Strings: 7, Instructions: 195nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 60%
                                                                                  			E6F4F40FD(void* __ecx) {
				signed int _v8;
				long _v548;
				signed int _v552;
				char _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t53;
				unsigned int _t66;
				void* _t68;
				wchar_t* _t73;
				intOrPtr _t77;
				short* _t85;
				wchar_t* _t98;
				signed int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0x6f5ed360 ^ _t107;
				_v8 =  *0x6f5ed360 ^ _t107;
				_t105 = __ecx;
				if( *0x6f5e84d4 == 0) {
					L5:
					return E6F53B640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E6F50E9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v552 = _t85;
					if(E6F4F42EB(_t105) != 0) {
						L15:
						_t103 = 2;
						_v552 = _t103;
						L10:
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E6F4F41EA(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
						}
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v552 = _t102;
						}
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v552);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E6F5396C0();
						}
						goto L4;
					}
					_v556 = _t85;
					_t102 =  &_v556;
					if(E6F4F429E(_t105 + 0x2c, _t102) >= 0) {
						if(_v556 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E6F585720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
						_v560 = 0x214;
						memset( &_v548, 0, 0x214);
						_t106 =  *0x6f5e84d4;
						_t110 = _t108 + 0x20;
						 *0x6f5eb1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						if( *( *0x6f5e84d4)() == 0) {
							goto L8;
						}
						_t66 = _v560;
						if(_t66 == 0 || _t66 >= 0x214) {
							goto L8;
						} else {
							_t68 = (_t66 >> 1) * 2 - 2;
							if(_t68 >= 0x214) {
								E6F53B75A();
								goto L33;
							}
							_push(_t85);
							 *((short*)(_t107 + _t68 - 0x220)) = 0;
							E6F585720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
							_t111 = _t110 + 0x14;
							_t73 = wcsstr( &_v548, L"Execute=1");
							_push(_t85);
							if(_t73 == 0) {
								E6F585720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
								_t106 =  &_v548;
								_t98 = _t106;
								_t112 = _t111 + 0x14;
								_t77 = _t98 + _v560;
								_v556 = _t77;
								if(_t98 >= _t77) {
									goto L8;
								} else {
									goto L27;
								}
								do {
									L27:
									_t85 = wcschr(_t106, 0x20);
									if(_t85 != 0) {
										 *_t85 = 0;
									}
									E6F585720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
									_t112 = _t112 + 0x10;
									E6F573E13(_t105, _t106);
									if(_t85 == 0) {
										goto L8;
									}
									_t41 = _t85 + 2; // 0x2
									_t106 = _t41;
								} while (_t106 < _v556);
								goto L8;
							}
							_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
							_push(3);
							_push(0x55);
							E6F585720();
							goto L15;
						}
					}
					L8:
					if(E6F4F41F7(_t105) != 0) {
						goto L15;
					}
					_t103 = _v552;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}




























                                                                                  0x6f4f410d
                                                                                  0x6f4f410f
                                                                                  0x6f4f411c
                                                                                  0x6f4f411e
                                                                                  0x6f4f4158
                                                                                  0x6f4f4168
                                                                                  0x6f4f4168
                                                                                  0x6f4f4126
                                                                                  0x6f4f4130
                                                                                  0x6f4f413c
                                                                                  0x6f5504a2
                                                                                  0x6f4f4142
                                                                                  0x6f4f414b
                                                                                  0x6f4f414b
                                                                                  0x6f4f414f
                                                                                  0x6f4f416b
                                                                                  0x6f4f4178
                                                                                  0x6f4f41d0
                                                                                  0x6f4f41d2
                                                                                  0x6f4f41d3
                                                                                  0x6f4f41a7
                                                                                  0x6f4f41b0
                                                                                  0x6f4f41db
                                                                                  0x6f4f41b2
                                                                                  0x6f4f41b8
                                                                                  0x6f4f41bf
                                                                                  0x6f4f41c1
                                                                                  0x6f4f41c1
                                                                                  0x6f4f41c5
                                                                                  0x6f4f41df
                                                                                  0x6f4f41e2
                                                                                  0x6f4f41e2
                                                                                  0x6f4f41c9
                                                                                  0x6f550628
                                                                                  0x6f550628
                                                                                  0x6f550630
                                                                                  0x6f550631
                                                                                  0x6f550633
                                                                                  0x6f550635
                                                                                  0x6f550635
                                                                                  0x00000000
                                                                                  0x6f4f41c9
                                                                                  0x6f4f417d
                                                                                  0x6f4f4183
                                                                                  0x6f4f4190
                                                                                  0x6f5504af
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5504b5
                                                                                  0x6f5504c8
                                                                                  0x6f5504d5
                                                                                  0x6f5504e5
                                                                                  0x6f5504ea
                                                                                  0x6f5504f6
                                                                                  0x6f550518
                                                                                  0x6f550522
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f550528
                                                                                  0x6f550530
                                                                                  0x00000000
                                                                                  0x6f550543
                                                                                  0x6f550545
                                                                                  0x6f55054e
                                                                                  0x6f550623
                                                                                  0x00000000
                                                                                  0x6f550623
                                                                                  0x6f550556
                                                                                  0x6f550557
                                                                                  0x6f55056f
                                                                                  0x6f550574
                                                                                  0x6f550583
                                                                                  0x6f55058a
                                                                                  0x6f55058d
                                                                                  0x6f5505b5
                                                                                  0x6f5505c0
                                                                                  0x6f5505c6
                                                                                  0x6f5505c8
                                                                                  0x6f5505cb
                                                                                  0x6f5505cd
                                                                                  0x6f5505d5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5505db
                                                                                  0x6f5505db
                                                                                  0x6f5505e3
                                                                                  0x6f5505e9
                                                                                  0x6f5505ed
                                                                                  0x6f5505ed
                                                                                  0x6f5505fa
                                                                                  0x6f5505ff
                                                                                  0x6f550606
                                                                                  0x6f55060d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f550613
                                                                                  0x6f550613
                                                                                  0x6f550616
                                                                                  0x00000000
                                                                                  0x6f55061e
                                                                                  0x6f55058f
                                                                                  0x6f550594
                                                                                  0x6f550596
                                                                                  0x6f550598
                                                                                  0x00000000
                                                                                  0x6f55059d
                                                                                  0x6f550530
                                                                                  0x6f4f4196
                                                                                  0x6f4f419f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f41a1
                                                                                  0x00000000
                                                                                  0x6f4f4151
                                                                                  0x6f4f4151
                                                                                  0x6f4f4151
                                                                                  0x00000000
                                                                                  0x6f4f4151

                                                                                  APIs
                                                                                  • RtlImageNtHeaderEx.BCCB(00000003,?,00000000,00000000,?), ref: 6F4F4130
                                                                                  • ZwSetInformationProcess.BCCB(000000FF,00000022,?,00000004,00000003,?,00000000,00000000,?), ref: 6F550635
                                                                                  Strings
                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 6F55058F
                                                                                  • Execute=1, xrefs: 6F55057D
                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 6F550566
                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 6F5505AC
                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 6F5504BF
                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 6F5505F1
                                                                                  • ExecuteOptions, xrefs: 6F55050A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: HeaderImageInformationProcess
                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                  • API String ID: 4034523672-484625025
                                                                                  • Opcode ID: 0fa8acc88430bc72fc0e7f90c6599eb590f2e758f8cc127a48132fcb31ee4aae
                                                                                  • Instruction ID: ce9b0ffc3967a1648ae30c1dc331716ed67893bf7791f6712ca4a6f94b6c71cd
                                                                                  • Opcode Fuzzy Hash: 0fa8acc88430bc72fc0e7f90c6599eb590f2e758f8cc127a48132fcb31ee4aae
                                                                                  • Instruction Fuzzy Hash: A0614F31D01219BAEF10DAA4DF49FE97379FF94358F0001AAD519976D0DF309E568B60
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5ACF70, Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 171nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 76%
                                                                                  			E6F5ACF70(void* __ecx, intOrPtr _a4, intOrPtr _a8, unsigned int* _a12) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _v36;
				char _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				intOrPtr _v76;
				intOrPtr _t61;
				char _t92;
				unsigned int* _t94;
				void* _t104;
				char _t105;
				unsigned int _t107;
				intOrPtr _t109;

				_v44 = 7;
				_t92 = 0;
				_t96 = 0x2000000;
				_v40 = 0;
				_v52 = 0;
				_v48 = 0;
				_t109 = E6F4FF108(0, __ecx, __ecx,  &_v40);
				if(_t109 >= 0) {
					if(_a4 != 1) {
						RtlInitUnicodeString( &_v36, L"Control Panel\\Desktop\\MuiCached");
						_v32 = _v48;
						_t104 = 0x18;
						_v28 =  &_v44;
						_push( &_v36);
						_push(0x20019);
						_v60 = 0;
						_push( &_v60);
						_v36 = _t104;
						_v24 = 0x40;
						_v20 = 0;
						_v16 = 0;
						_t109 = E6F539600();
						if(_t109 < 0) {
							L5:
							if(_t109 == 0x80000005) {
								goto L9;
							} else {
								_push(_v60);
								E6F5395D0();
								_v64 = _t92;
								RtlInitUnicodeString( &_v48, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\MUI\\Settings");
								_v48 = _t104;
								_v44 = _t92;
								goto L7;
							}
						} else {
							RtlInitUnicodeString( &_v44, L"MachinePreferredUILanguages");
							_push(0x2000000);
							_t96 = _v68;
							_t109 = E6F4FF018(_t96,  &_v52,  &_v60, 0,  &_v64);
							if(_t109 >= 0) {
								goto L9;
							} else {
								goto L5;
							}
						}
					} else {
						RtlInitUnicodeString( &_v36, L"Control Panel\\Desktop");
						_v36 = 0x18;
						_v32 = _v48;
						L7:
						_v68 = _t92;
						_v36 =  &_v52;
						_push( &_v44);
						_push(0x20019);
						_v32 = 0x40;
						_push( &_v68);
						_v28 = _t92;
						_v24 = _t92;
						_t109 = E6F539600();
						if(_t109 >= 0) {
							RtlInitUnicodeString( &_v52, L"PreferredUILanguages");
							_push(_t96);
							_t96 = _v76;
							_t109 = E6F4FF018(_t96,  &_v60,  &_v68, _t92,  &_v72);
							L9:
							if(_t109 != 0xc0000034) {
								_t105 = _v56;
								if(_t105 != 0) {
									if(_t109 != 0x80000005) {
										_t109 = 0xc0000034;
									} else {
										_t107 = _t105 + 1 >> 1;
										if(_a8 != _t92) {
											_t94 = _a12;
											if( *_t94 >= _t107) {
												_push(_t96);
												_t109 = E6F4FF018(_v60,  &_v44,  &_v52, _a8,  &_v56);
												if(_t109 < 0) {
													goto L17;
												} else {
													if(_v56 == 7) {
														goto L16;
													} else {
														_t109 = 0xc0000034;
														goto L17;
													}
												}
												L29:
											} else {
												_t109 = 0xc0000023;
												L16:
												 *_t94 = _t107;
											}
											L17:
											_t92 = 0;
										} else {
											_t109 = _t92;
											 *_a12 = _t107;
										}
									}
								}
							}
						}
					}
				}
				_t61 = _v40;
				if(_t61 != 0) {
					if(_t61 != 0xffffffff) {
						 *0x6f4d6cc4(_t61);
					}
					_v40 = _t92;
				}
				if(_v52 != 0) {
					_push(_v52);
					E6F5395D0();
				}
				return _t109;
				goto L29;
			}


























                                                                                  0x6f5acf82
                                                                                  0x6f5acf8c
                                                                                  0x6f5acf91
                                                                                  0x6f5acf96
                                                                                  0x6f5acf9a
                                                                                  0x6f5acf9e
                                                                                  0x6f5acfa7
                                                                                  0x6f5acfab
                                                                                  0x6f5acfb9
                                                                                  0x6f5acfe1
                                                                                  0x6f5acfea
                                                                                  0x6f5acff4
                                                                                  0x6f5acff5
                                                                                  0x6f5acffd
                                                                                  0x6f5acffe
                                                                                  0x6f5ad007
                                                                                  0x6f5ad00b
                                                                                  0x6f5ad00c
                                                                                  0x6f5ad010
                                                                                  0x6f5ad018
                                                                                  0x6f5ad01c
                                                                                  0x6f5ad025
                                                                                  0x6f5ad029
                                                                                  0x6f5ad05d
                                                                                  0x6f5ad063
                                                                                  0x00000000
                                                                                  0x6f5ad069
                                                                                  0x6f5ad069
                                                                                  0x6f5ad06d
                                                                                  0x6f5ad07b
                                                                                  0x6f5ad080
                                                                                  0x6f5ad085
                                                                                  0x6f5ad089
                                                                                  0x00000000
                                                                                  0x6f5ad089
                                                                                  0x6f5ad02b
                                                                                  0x6f5ad035
                                                                                  0x6f5ad03a
                                                                                  0x6f5ad03b
                                                                                  0x6f5ad053
                                                                                  0x6f5ad057
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5ad057
                                                                                  0x6f5acfbb
                                                                                  0x6f5acfc1
                                                                                  0x6f5acfca
                                                                                  0x6f5acfd2
                                                                                  0x6f5ad08d
                                                                                  0x6f5ad091
                                                                                  0x6f5ad095
                                                                                  0x6f5ad09d
                                                                                  0x6f5ad09e
                                                                                  0x6f5ad0a7
                                                                                  0x6f5ad0af
                                                                                  0x6f5ad0b0
                                                                                  0x6f5ad0b4
                                                                                  0x6f5ad0bd
                                                                                  0x6f5ad0c1
                                                                                  0x6f5ad0cd
                                                                                  0x6f5ad0d2
                                                                                  0x6f5ad0d3
                                                                                  0x6f5ad0eb
                                                                                  0x6f5ad0ed
                                                                                  0x6f5ad0f4
                                                                                  0x6f5ad0f6
                                                                                  0x6f5ad0fc
                                                                                  0x6f5ad104
                                                                                  0x6f5ad18d
                                                                                  0x6f5ad10a
                                                                                  0x6f5ad10b
                                                                                  0x6f5ad110
                                                                                  0x6f5ad11b
                                                                                  0x6f5ad120
                                                                                  0x6f5ad15e
                                                                                  0x6f5ad179
                                                                                  0x6f5ad17d
                                                                                  0x00000000
                                                                                  0x6f5ad17f
                                                                                  0x6f5ad184
                                                                                  0x00000000
                                                                                  0x6f5ad186
                                                                                  0x6f5ad186
                                                                                  0x00000000
                                                                                  0x6f5ad186
                                                                                  0x6f5ad184
                                                                                  0x00000000
                                                                                  0x6f5ad122
                                                                                  0x6f5ad122
                                                                                  0x6f5ad127
                                                                                  0x6f5ad127
                                                                                  0x6f5ad127
                                                                                  0x6f5ad129
                                                                                  0x6f5ad129
                                                                                  0x6f5ad112
                                                                                  0x6f5ad115
                                                                                  0x6f5ad117
                                                                                  0x6f5ad117
                                                                                  0x6f5ad110
                                                                                  0x6f5ad104
                                                                                  0x6f5ad0fc
                                                                                  0x6f5ad0f4
                                                                                  0x6f5ad0c1
                                                                                  0x6f5acfb9
                                                                                  0x6f5ad12b
                                                                                  0x6f5ad131
                                                                                  0x6f5ad136
                                                                                  0x6f5ad139
                                                                                  0x6f5ad139
                                                                                  0x6f5ad13f
                                                                                  0x6f5ad13f
                                                                                  0x6f5ad148
                                                                                  0x6f5ad14a
                                                                                  0x6f5ad14e
                                                                                  0x6f5ad14e
                                                                                  0x6f5ad15b
                                                                                  0x00000000

                                                                                  APIs
                                                                                    • Part of subcall function 6F4FF108: RtlOpenCurrentUser.BCCB(02000000,00000000,?,00000000,02000000,?,6F5ACFA7,?,?,?), ref: 6F4FF12C
                                                                                  • RtlInitUnicodeString.BCCB(?,Control Panel\Desktop,?,?,?), ref: 6F5ACFC1
                                                                                  • RtlInitUnicodeString.BCCB(?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6F5ACFE1
                                                                                  • ZwOpenKey.BCCB(?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6F5AD020
                                                                                  • RtlInitUnicodeString.BCCB(?,MachinePreferredUILanguages,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6F5AD035
                                                                                  • ZwClose.BCCB(?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6F5AD06D
                                                                                  • RtlInitUnicodeString.BCCB(?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6F5AD080
                                                                                  • ZwOpenKey.BCCB(00000007,00020019,?,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6F5AD0B8
                                                                                  • RtlInitUnicodeString.BCCB(?,PreferredUILanguages,00000007,00020019,?,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached), ref: 6F5AD0CD
                                                                                  • ZwClose.BCCB(?,?,?,?), ref: 6F5AD139
                                                                                  • ZwClose.BCCB(00000000,?,?,?), ref: 6F5AD14E
                                                                                  Strings
                                                                                  • Control Panel\Desktop, xrefs: 6F5ACFBB
                                                                                  • MachinePreferredUILanguages, xrefs: 6F5AD02B
                                                                                  • PreferredUILanguages, xrefs: 6F5AD0C3
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 6F5AD072
                                                                                  • @, xrefs: 6F5AD0A7
                                                                                  • Control Panel\Desktop\MuiCached, xrefs: 6F5ACFDB
                                                                                  • @, xrefs: 6F5AD010
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitStringUnicode$CloseOpen$CurrentUser
                                                                                  • String ID: @$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                  • API String ID: 3208599939-2289709611
                                                                                  • Opcode ID: 494e2cdc232f5a5bb16b161a6654ab9cb558d3f0230c04a34210b9cffd8a4009
                                                                                  • Instruction ID: 613a9a6c010c142cc8cef7d5ad76fa42b7c567e2d89aa08cc742dbaae8a52f10
                                                                                  • Opcode Fuzzy Hash: 494e2cdc232f5a5bb16b161a6654ab9cb558d3f0230c04a34210b9cffd8a4009
                                                                                  • Instruction Fuzzy Hash: 54512DB28087169FC311DF19C880E5FBBE9BB85754F010A3EF994A7250E731DE598B92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F2FB0, Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 262timeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 69%
                                                                                  			E6F4F2FB0(intOrPtr* _a4) {
				signed int _v8;
				void* _v36;
				void* _v62;
				void* _v68;
				void* _v72;
				signed int _v96;
				void* _v98;
				char _v100;
				void* _v104;
				void* _v108;
				void* _v112;
				void* _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t62;
				intOrPtr _t64;
				signed int* _t83;
				signed int _t84;
				signed int _t88;
				char* _t89;
				char _t93;
				void* _t99;
				signed int* _t102;
				intOrPtr _t103;
				void* _t104;
				signed int* _t107;
				signed int _t108;
				char* _t115;
				signed int _t118;
				signed int _t124;
				void* _t125;
				void* _t126;
				signed int _t127;
				intOrPtr* _t128;
				void* _t135;
				intOrPtr _t137;
				intOrPtr* _t159;
				void* _t160;
				void* _t162;
				intOrPtr* _t164;
				void* _t167;
				signed int* _t168;
				signed int* _t169;
				signed int _t172;
				signed int _t174;

				_t174 = (_t172 & 0xfffffff8) - 0x64;
				_v8 =  *0x6f5ed360 ^ _t174;
				_push(_t125);
				_t159 = _a4;
				if(_t159 == 0) {
					__eflags =  *0x6f5e8748 - 2;
					if( *0x6f5e8748 >= 2) {
						_t64 =  *[fs:0x30];
						__eflags =  *(_t64 + 0xc);
						if( *(_t64 + 0xc) == 0) {
							_push("HEAP: ");
							E6F4FB150();
						} else {
							E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(HeapHandle != NULL)");
						E6F4FB150();
						__eflags =  *0x6f5e7bc8;
						if(__eflags == 0) {
							_t135 = 2;
							E6F5B2073(_t125, _t135, _t159, __eflags);
						}
					}
					L26:
					_t62 = 0;
					L27:
					_pop(_t160);
					_pop(_t162);
					_pop(_t126);
					return E6F53B640(_t62, _t126, _v8 ^ _t174, _t155, _t160, _t162);
				}
				if( *((intOrPtr*)(_t159 + 8)) == 0xddeeddee) {
					_t137 =  *[fs:0x30];
					__eflags = _t159 -  *((intOrPtr*)(_t137 + 0x18));
					if(_t159 ==  *((intOrPtr*)(_t137 + 0x18))) {
						L30:
						_t62 = _t159;
						goto L27;
					}
					_t138 =  *(_t159 + 0x20);
					__eflags =  *(_t159 + 0x20);
					if( *(_t159 + 0x20) != 0) {
						_t155 = _t159;
						E6F59CB1E(_t138, _t159, 0, 8, 0);
					}
					E6F4F31B0(_t125, _t159, _t155);
					E6F5B274F(_t159);
					_t155 = 1;
					E6F521249(_t159, 1, 0, 0);
					E6F5BB581(_t159);
					goto L26;
				}
				if(( *(_t159 + 0x44) & 0x01000000) != 0) {
					_t164 =  *0x6f5e5718; // 0x0
					 *0x6f5eb1e0(_t159);
					_t62 =  *_t164();
					goto L27;
				}
				_t144 =  *((intOrPtr*)(_t159 + 0x58));
				if( *((intOrPtr*)(_t159 + 0x58)) != 0) {
					_t155 = _t159;
					E6F59CB1E(_t144, _t159, 0, 8, 0);
				}
				E6F4F31B0(_t125, _t159, _t155);
				if(( *(_t159 + 0x40) & 0x61000000) != 0) {
					__eflags =  *(_t159 + 0x40) & 0x10000000;
					if(( *(_t159 + 0x40) & 0x10000000) != 0) {
						goto L5;
					}
					_t124 = E6F5B3518(_t159);
					__eflags = _t124;
					if(_t124 == 0) {
						goto L30;
					}
					goto L5;
				} else {
					L5:
					if(_t159 ==  *((intOrPtr*)( *[fs:0x30] + 0x18))) {
						goto L30;
					} else {
						_t155 = 1;
						E6F521249(_t159, 1, 0, 0);
						_t83 = _t159 + 0x9c;
						_t127 =  *_t83;
						while(_t83 != _t127) {
							_t84 = _t127;
							_t155 =  &_v96;
							_t127 =  *_t127;
							_v96 = _t84 & 0xffff0000;
							_v100 = 0;
							E6F52174B( &_v96,  &_v100, 0x8000);
							_t88 = E6F517D50();
							__eflags = _t88;
							if(_t88 == 0) {
								_t89 = 0x7ffe0388;
							} else {
								_t89 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							}
							__eflags =  *_t89;
							if(__eflags != 0) {
								_t155 = _v96;
								E6F5AFE3F(_t159, _v96, _v100);
							}
							_t83 = _t159 + 0x9c;
						}
						if( *((char*)(_t159 + 0xda)) == 2) {
							_t93 =  *((intOrPtr*)(_t159 + 0xd4));
						} else {
							_t93 = 0;
						}
						if(_t93 != 0) {
							 *((intOrPtr*)(_t174 + 0x1c)) = _t93;
							_t155 = _t174 + 0x1c;
							 *((intOrPtr*)(_t174 + 0x1c)) = 0;
							E6F52174B(_t174 + 0x1c, _t174 + 0x1c, 0x8000);
						}
						_t128 = _t159 + 0x88;
						if( *_t128 != 0) {
							 *((intOrPtr*)(_t174 + 0x24)) = 0;
							_t155 = _t128;
							E6F52174B(_t128, _t174 + 0x24, 0x8000);
							 *_t128 = 0;
						}
						if(( *(_t159 + 0x40) & 0x00000001) == 0) {
							 *((intOrPtr*)(_t159 + 0xc8)) = 0;
						}
						goto L16;
						L16:
						_t167 =  *((intOrPtr*)(_t159 + 0xa8)) - 0x10;
						E6F4F3138(_t167);
						if(_t167 != _t159) {
							goto L16;
						} else {
							_t99 = E6F517D50();
							_t168 = 0x7ffe0380;
							if(_t99 != 0) {
								_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t102 = 0x7ffe0380;
							}
							if( *_t102 != 0) {
								_t103 =  *[fs:0x30];
								__eflags =  *(_t103 + 0x240) & 0x00000001;
								if(( *(_t103 + 0x240) & 0x00000001) != 0) {
									_t118 = E6F517D50();
									__eflags = _t118;
									if(_t118 != 0) {
										_t168 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags = _t168;
									}
									 *((short*)(_t174 + 0x2a)) = 0x1023;
									_push(_t174 + 0x24);
									_push(4);
									_push(0x402);
									_push( *_t168 & 0x000000ff);
									 *((intOrPtr*)(_t174 + 0x54)) = _t159;
									E6F539AE0();
								}
							}
							_t104 = E6F517D50();
							_t169 = 0x7ffe038a;
							if(_t104 != 0) {
								_t107 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t107 = 0x7ffe038a;
							}
							if( *_t107 != 0) {
								_t108 = E6F517D50();
								__eflags = _t108;
								if(_t108 != 0) {
									_t169 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
									__eflags = _t169;
								}
								 *((short*)(_t174 + 0x4e)) = 0x1023;
								_push(_t174 + 0x48);
								_push(4);
								_push(0x402);
								_push( *_t169 & 0x000000ff);
								 *((intOrPtr*)(_t174 + 0x78)) = _t159;
								E6F539AE0();
							}
							if(E6F517D50() != 0) {
								_t115 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
							} else {
								_t115 = 0x7ffe0388;
							}
							if( *_t115 != 0) {
								E6F5AFDD3(_t159);
							}
							goto L26;
						}
					}
				}
			}


















































                                                                                  0x6f4f2fb8
                                                                                  0x6f4f2fc2
                                                                                  0x6f4f2fc6
                                                                                  0x6f4f2fc9
                                                                                  0x6f4f2fce
                                                                                  0x6f54fb7d
                                                                                  0x6f54fb84
                                                                                  0x6f54fb8a
                                                                                  0x6f54fb90
                                                                                  0x6f54fb94
                                                                                  0x6f54fbb3
                                                                                  0x6f54fbb8
                                                                                  0x6f54fb96
                                                                                  0x6f54fbab
                                                                                  0x6f54fbb0
                                                                                  0x6f54fbbe
                                                                                  0x6f54fbc3
                                                                                  0x6f54fbc8
                                                                                  0x6f54fbd0
                                                                                  0x6f54fbd8
                                                                                  0x6f54fbd9
                                                                                  0x6f54fbd9
                                                                                  0x6f54fbd0
                                                                                  0x6f4f30ea
                                                                                  0x6f4f30ea
                                                                                  0x6f4f30ec
                                                                                  0x6f4f30f0
                                                                                  0x6f4f30f1
                                                                                  0x6f4f30f2
                                                                                  0x6f4f30fd
                                                                                  0x6f4f30fd
                                                                                  0x6f4f2fdb
                                                                                  0x6f54fbe3
                                                                                  0x6f54fbea
                                                                                  0x6f54fbed
                                                                                  0x6f4f312b
                                                                                  0x6f4f312b
                                                                                  0x00000000
                                                                                  0x6f4f312b
                                                                                  0x6f54fbf3
                                                                                  0x6f54fbf8
                                                                                  0x6f54fbfa
                                                                                  0x6f54fc00
                                                                                  0x6f54fc02
                                                                                  0x6f54fc02
                                                                                  0x6f54fc09
                                                                                  0x6f54fc10
                                                                                  0x6f54fc1b
                                                                                  0x6f54fc1c
                                                                                  0x6f54fc23
                                                                                  0x00000000
                                                                                  0x6f54fc23
                                                                                  0x6f4f2fe8
                                                                                  0x6f54fc2d
                                                                                  0x6f54fc36
                                                                                  0x6f54fc3c
                                                                                  0x00000000
                                                                                  0x6f54fc3c
                                                                                  0x6f4f2fee
                                                                                  0x6f4f2ff5
                                                                                  0x6f54fc47
                                                                                  0x6f54fc49
                                                                                  0x6f54fc49
                                                                                  0x6f4f2ffd
                                                                                  0x6f4f3009
                                                                                  0x6f54fc53
                                                                                  0x6f54fc5a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54fc62
                                                                                  0x6f54fc67
                                                                                  0x6f54fc69
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f300f
                                                                                  0x6f4f300f
                                                                                  0x6f4f3018
                                                                                  0x00000000
                                                                                  0x6f4f301e
                                                                                  0x6f4f3024
                                                                                  0x6f4f3025
                                                                                  0x6f4f302a
                                                                                  0x6f4f3030
                                                                                  0x6f4f3032
                                                                                  0x6f54fc74
                                                                                  0x6f54fc76
                                                                                  0x6f54fc7a
                                                                                  0x6f54fc81
                                                                                  0x6f54fc8f
                                                                                  0x6f54fc93
                                                                                  0x6f54fc98
                                                                                  0x6f54fc9d
                                                                                  0x6f54fc9f
                                                                                  0x6f54fcb1
                                                                                  0x6f54fca1
                                                                                  0x6f54fcaa
                                                                                  0x6f54fcaa
                                                                                  0x6f54fcb6
                                                                                  0x6f54fcb9
                                                                                  0x6f54fcbf
                                                                                  0x6f54fcc5
                                                                                  0x6f54fcc5
                                                                                  0x6f54fcca
                                                                                  0x6f54fcca
                                                                                  0x6f4f3041
                                                                                  0x6f4f3100
                                                                                  0x6f4f3047
                                                                                  0x6f4f3047
                                                                                  0x6f4f3047
                                                                                  0x6f4f304b
                                                                                  0x6f4f310b
                                                                                  0x6f4f310f
                                                                                  0x6f4f311c
                                                                                  0x6f4f3121
                                                                                  0x6f4f3121
                                                                                  0x6f4f3051
                                                                                  0x6f4f3059
                                                                                  0x6f54fcde
                                                                                  0x6f54fce3
                                                                                  0x6f54fce5
                                                                                  0x6f54fcea
                                                                                  0x6f54fcea
                                                                                  0x6f4f3063
                                                                                  0x6f4f3075
                                                                                  0x6f4f3075
                                                                                  0x00000000
                                                                                  0x6f4f307b
                                                                                  0x6f4f3081
                                                                                  0x6f4f3086
                                                                                  0x6f4f308d
                                                                                  0x00000000
                                                                                  0x6f4f308f
                                                                                  0x6f4f308f
                                                                                  0x6f4f3094
                                                                                  0x6f4f30a0
                                                                                  0x6f54fcfa
                                                                                  0x6f4f30a6
                                                                                  0x6f4f30a6
                                                                                  0x6f4f30a6
                                                                                  0x6f4f30ab
                                                                                  0x6f54fd01
                                                                                  0x6f54fd07
                                                                                  0x6f54fd0e
                                                                                  0x6f54fd14
                                                                                  0x6f54fd19
                                                                                  0x6f54fd1b
                                                                                  0x6f54fd26
                                                                                  0x6f54fd26
                                                                                  0x6f54fd26
                                                                                  0x6f54fd2f
                                                                                  0x6f54fd38
                                                                                  0x6f54fd39
                                                                                  0x6f54fd3b
                                                                                  0x6f54fd43
                                                                                  0x6f54fd44
                                                                                  0x6f54fd48
                                                                                  0x6f54fd48
                                                                                  0x6f54fd0e
                                                                                  0x6f4f30b1
                                                                                  0x6f4f30b6
                                                                                  0x6f4f30c2
                                                                                  0x6f54fd5b
                                                                                  0x6f4f30c8
                                                                                  0x6f4f30c8
                                                                                  0x6f4f30c8
                                                                                  0x6f4f30cd
                                                                                  0x6f54fd62
                                                                                  0x6f54fd67
                                                                                  0x6f54fd69
                                                                                  0x6f54fd74
                                                                                  0x6f54fd74
                                                                                  0x6f54fd74
                                                                                  0x6f54fd7d
                                                                                  0x6f54fd86
                                                                                  0x6f54fd87
                                                                                  0x6f54fd89
                                                                                  0x6f54fd91
                                                                                  0x6f54fd92
                                                                                  0x6f54fd96
                                                                                  0x6f54fd96
                                                                                  0x6f4f30da
                                                                                  0x6f54fda9
                                                                                  0x6f4f30e0
                                                                                  0x6f4f30e0
                                                                                  0x6f4f30e0
                                                                                  0x6f4f30e8
                                                                                  0x6f4f3131
                                                                                  0x6f4f3131
                                                                                  0x00000000
                                                                                  0x6f4f30e8
                                                                                  0x6f4f308d
                                                                                  0x6f4f3018

                                                                                  APIs
                                                                                  • RtlDeleteCriticalSection.BCCB(?,00000000,00008000), ref: 6F4F3070
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(00000000,00008000), ref: 6F4F308F
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6F4F30B1
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6F4F30D3
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C), ref: 6F54FBAB
                                                                                  • DbgPrint.BCCB((HeapHandle != NULL)), ref: 6F54FBC3
                                                                                  • RtlDebugPrintTimes.BCCB(?), ref: 6F54FC36
                                                                                    • Part of subcall function 6F4F31B0: RtlAcquireSRWLockExclusive.BCCB(6F5E8660,?,00000000,6F54FC0E), ref: 6F4F31BC
                                                                                    • Part of subcall function 6F4F31B0: RtlReleaseSRWLockExclusive.BCCB(6F5E8660,6F5E8660,?,00000000,6F54FC0E), ref: 6F4F31CF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentPrintServiceSession$ExclusiveLock$AcquireCriticalDebugDeleteReleaseSectionTimes
                                                                                  • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 1992993584-3610490719
                                                                                  • Opcode ID: 8aa6764a58f8191a5325c57c310bef7d00d56ecfdd0e3985b19224883d84da69
                                                                                  • Instruction ID: b03fa53c25b644153d19f328456194838a6895b22bafd02026fd62d8c40f6b88
                                                                                  • Opcode Fuzzy Hash: 8aa6764a58f8191a5325c57c310bef7d00d56ecfdd0e3985b19224883d84da69
                                                                                  • Instruction Fuzzy Hash: 2D910131709B509FD715CB28CA55F6AB7E6BFC5708F00426AE8488BA85DB35EC42C7D2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F65A0, Relevance: 28.2, APIs: 9, Strings: 7, Instructions: 157nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 65%
                                                                                  			E6F4F65A0(intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
				signed int _v8;
				void* _v28;
				signed int _v300;
				intOrPtr _v304;
				signed int _v308;
				intOrPtr _v312;
				intOrPtr _v316;
				intOrPtr _v320;
				void _v324;
				intOrPtr* _v328;
				void _v332;
				int _v336;
				void* _v340;
				char _v344;
				void* _v348;
				char _v352;
				char _v356;
				char _v360;
				char _v364;
				void* _v368;
				void* _v372;
				void* _v388;
				void* __ebx;
				void* __edi;
				void* __esi;
				void _t75;
				intOrPtr* _t110;
				void* _t111;
				signed int _t112;
				signed int _t118;
				void* _t132;
				void* _t135;
				intOrPtr* _t137;
				void* _t142;
				signed int _t143;
				signed int _t145;

				_t145 = (_t143 & 0xfffffff8) - 0x15c;
				_v8 =  *0x6f5ed360 ^ _t145;
				_t75 = _a4;
				_t124 = 0;
				_v332 = _t75;
				_t110 = _a12;
				_t137 = _a8;
				_v328 = _t137;
				if(_t75 != 0) {
					_push("true");
					_pop(_t112);
					_v340 = 0;
					_v336 = 0;
					memset( &_v324, 0, _t112 << 2);
					_t145 = _t145 + 0xc;
					_v344 = 0;
					_v348 = 0;
					_t132 = 0;
					RtlInitUnicodeString( &_v340, L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion");
					_v332 = 0x18;
					_v324 =  &_v348;
					_v328 = 0;
					_push( &_v332);
					_push(0x20119);
					_v320 = 0x40;
					_push( &_v352);
					_v316 = 0;
					_v312 = 0;
					if(E6F539600() >= 0) {
						if(E6F4F66D4(_v352, L"UBR",  &_v356) >= 0) {
							_t132 = _v356;
						}
						_push(_v352);
						E6F5395D0();
					}
					_v308 = 0x11c;
					E6F524020( &_v308);
					_t89 = _v344;
					asm("adc esi, edx");
					asm("adc esi, 0x0");
					 *_t89 = 0 + _v300 * 0x10000 + _t132;
					 *((intOrPtr*)(_t89 + 4)) = _v308 * 0x10000 + _v304;
					_t124 = 0;
					_t137 = _v340;
				}
				if(_t137 != 0) {
					_v348 = _t124;
					_v344 = _t124;
					_v356 = 3;
					RtlInitUnicodeString( &_v348, L"Kernel-OneCore-DeviceFamilyID");
					_push( &_v344);
					_push(4);
					_push( &_v364);
					_push( &_v348);
					_push( &_v356);
					E6F53A9B0();
					_t89 =  *((intOrPtr*)(_t145 + 0x10));
					 *_t137 =  *((intOrPtr*)(_t145 + 0x10));
				}
				if(_t110 != 0) {
					_t118 = 6;
					memset( &_v332, 0, _t118 << 2);
					_t145 = _t145 + 0xc;
					_v348 = 0;
					_v344 = 0;
					_v352 = 0;
					_v356 = 0;
					 *_t110 = 0;
					RtlInitUnicodeString( &_v348, L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM");
					_v340 = 0x18;
					_v332 =  &_v356;
					_push( &_v340);
					_push(0x20119);
					_v336 = 0;
					_push( &_v360);
					_v328 = 0x40;
					_v324 = 0;
					_v320 = 0;
					if(E6F539600() >= 0) {
						_t124 = L"DeviceForm";
						if(E6F4F66D4(_v360, L"DeviceForm",  &_v364) >= 0) {
							 *_t110 = _v364;
						}
						_push(_v360);
						_t89 = E6F5395D0();
					}
				}
				_pop(_t135);
				_pop(_t142);
				_pop(_t111);
				return E6F53B640(_t89, _t111,  *(_t145 + 0x164) ^ _t145, _t124, _t135, _t142);
			}







































                                                                                  0x6f4f65a8
                                                                                  0x6f4f65b5
                                                                                  0x6f4f65bc
                                                                                  0x6f4f65bf
                                                                                  0x6f4f65c1
                                                                                  0x6f4f65c6
                                                                                  0x6f4f65ca
                                                                                  0x6f4f65cd
                                                                                  0x6f4f65d4
                                                                                  0x6f5519a6
                                                                                  0x6f5519a8
                                                                                  0x6f5519ab
                                                                                  0x6f5519b3
                                                                                  0x6f5519b7
                                                                                  0x6f5519b7
                                                                                  0x6f5519c2
                                                                                  0x6f5519c7
                                                                                  0x6f5519cb
                                                                                  0x6f5519cd
                                                                                  0x6f5519d6
                                                                                  0x6f5519de
                                                                                  0x6f5519e8
                                                                                  0x6f5519ec
                                                                                  0x6f5519ed
                                                                                  0x6f5519f6
                                                                                  0x6f5519fe
                                                                                  0x6f5519ff
                                                                                  0x6f551a03
                                                                                  0x6f551a0e
                                                                                  0x6f551a25
                                                                                  0x6f551a27
                                                                                  0x6f551a27
                                                                                  0x6f551a2b
                                                                                  0x6f551a2f
                                                                                  0x6f551a2f
                                                                                  0x6f551a38
                                                                                  0x6f551a41
                                                                                  0x6f551a66
                                                                                  0x6f551a6a
                                                                                  0x6f551a6e
                                                                                  0x6f551a71
                                                                                  0x6f551a73
                                                                                  0x6f551a76
                                                                                  0x6f551a78
                                                                                  0x6f551a78
                                                                                  0x6f4f65dc
                                                                                  0x6f4f65e7
                                                                                  0x6f4f65ec
                                                                                  0x6f4f65f0
                                                                                  0x6f4f65f8
                                                                                  0x6f4f6601
                                                                                  0x6f4f6602
                                                                                  0x6f4f6608
                                                                                  0x6f4f660d
                                                                                  0x6f4f6612
                                                                                  0x6f4f6613
                                                                                  0x6f4f6618
                                                                                  0x6f4f661c
                                                                                  0x6f4f661c
                                                                                  0x6f4f6620
                                                                                  0x6f4f663b
                                                                                  0x6f4f6644
                                                                                  0x6f4f6644
                                                                                  0x6f4f664f
                                                                                  0x6f4f6654
                                                                                  0x6f4f6658
                                                                                  0x6f4f665c
                                                                                  0x6f4f6660
                                                                                  0x6f4f6662
                                                                                  0x6f4f666b
                                                                                  0x6f4f6673
                                                                                  0x6f4f667b
                                                                                  0x6f4f667c
                                                                                  0x6f4f6685
                                                                                  0x6f4f6689
                                                                                  0x6f4f668a
                                                                                  0x6f4f6692
                                                                                  0x6f4f6696
                                                                                  0x6f4f66a1
                                                                                  0x6f4f66b0
                                                                                  0x6f4f66bc
                                                                                  0x6f4f66d0
                                                                                  0x6f4f66d0
                                                                                  0x6f4f66be
                                                                                  0x6f4f66c2
                                                                                  0x6f4f66c2
                                                                                  0x6f4f66a1
                                                                                  0x6f4f6629
                                                                                  0x6f4f662a
                                                                                  0x6f4f662b
                                                                                  0x6f4f6636

                                                                                  APIs
                                                                                  • RtlInitUnicodeString.BCCB ref: 6F4F65F8
                                                                                  • ZwQueryLicenseValue.BCCB(?,?,00000003,00000004,?), ref: 6F4F6613
                                                                                  • RtlInitUnicodeString.BCCB(?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\OEM), ref: 6F4F6662
                                                                                  • ZwClose.BCCB(?,?,?,?,?,?,00020119,00000018), ref: 6F4F66C2
                                                                                  • ZwOpenKey.BCCB(?,?,?,?,00020119,00000018), ref: 6F4F669A
                                                                                    • Part of subcall function 6F539600: LdrInitializeThunk.NTDLL(6F531119,?,?,00000018,?), ref: 6F53960A
                                                                                  • RtlInitUnicodeString.BCCB(?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6F5519CD
                                                                                  • ZwOpenKey.BCCB(?,?,?,?,00020119,00000018), ref: 6F551A07
                                                                                  • ZwClose.BCCB(?,?,?,?,?,?,00020119,00000018), ref: 6F551A2F
                                                                                  • RtlGetVersion.BCCB(?,?,?,?,?,00020119,00000018), ref: 6F551A41
                                                                                  Strings
                                                                                  • UBR, xrefs: 6F551A19
                                                                                  • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\OEM, xrefs: 6F4F6646
                                                                                  • @, xrefs: 6F5519F6
                                                                                  • @, xrefs: 6F4F668A
                                                                                  • Kernel-OneCore-DeviceFamilyID, xrefs: 6F4F65DE
                                                                                  • DeviceForm, xrefs: 6F4F66B0
                                                                                  • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion, xrefs: 6F5519B9
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitStringUnicode$CloseOpen$InitializeLicenseQueryThunkValueVersion
                                                                                  • String ID: @$@$DeviceForm$Kernel-OneCore-DeviceFamilyID$UBR$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\OEM
                                                                                  • API String ID: 2689724482-2811273990
                                                                                  • Opcode ID: f483dfa0af80807659ade6041a9d5bc2ab58a0aa524b6ce0253ce75435c67ab7
                                                                                  • Instruction ID: 4e0b86ce95fea1164da150727b73d5ad46f54f7807f4d83744c9608bdcbe087e
                                                                                  • Opcode Fuzzy Hash: f483dfa0af80807659ade6041a9d5bc2ab58a0aa524b6ce0253ce75435c67ab7
                                                                                  • Instruction Fuzzy Hash: 945129B25083159FD314CF19C850A8BBBE9BFC9758F00492EF998D7354E731DA098B92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F51A229, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 183nativememoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 69%
                                                                                  			E6F51A229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E6F51DF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E6F539730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E6F5BA80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E6F539660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E6F4FB150();
					} else {
						E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E6F4FB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E6F517D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E6F5B138A(_t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E6F517D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E6F517D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E6F5B1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E6F517D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E6F517D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E6F5B1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E6F54D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                                                                  0x6f51a229
                                                                                  0x6f51a231
                                                                                  0x6f51a23f
                                                                                  0x6f51a242
                                                                                  0x6f51a244
                                                                                  0x6f51a24c
                                                                                  0x6f51a255
                                                                                  0x6f51a25a
                                                                                  0x6f51a25f
                                                                                  0x6f561c76
                                                                                  0x6f561c78
                                                                                  0x6f561c7e
                                                                                  0x6f561c7f
                                                                                  0x6f561c81
                                                                                  0x6f561c82
                                                                                  0x6f561c84
                                                                                  0x6f561c89
                                                                                  0x6f561c8b
                                                                                  0x6f561c9e
                                                                                  0x6f561c9e
                                                                                  0x6f561cab
                                                                                  0x6f561cb2
                                                                                  0x00000000
                                                                                  0x6f561cb2
                                                                                  0x6f561c8d
                                                                                  0x6f561c92
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f561c94
                                                                                  0x6f561c98
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f561c98
                                                                                  0x6f51a265
                                                                                  0x6f51a265
                                                                                  0x6f51a266
                                                                                  0x6f51a26f
                                                                                  0x6f51a270
                                                                                  0x6f51a276
                                                                                  0x6f51a277
                                                                                  0x6f51a279
                                                                                  0x6f51a27e
                                                                                  0x6f51a282
                                                                                  0x6f561db5
                                                                                  0x6f561dbb
                                                                                  0x6f561dc1
                                                                                  0x6f561dc5
                                                                                  0x6f561de4
                                                                                  0x6f561de9
                                                                                  0x6f561dc7
                                                                                  0x6f561ddc
                                                                                  0x6f561de1
                                                                                  0x6f561def
                                                                                  0x6f561df3
                                                                                  0x6f561df7
                                                                                  0x6f561dfe
                                                                                  0x6f561e06
                                                                                  0x6f51a302
                                                                                  0x6f51a308
                                                                                  0x6f51a308
                                                                                  0x6f51a288
                                                                                  0x6f51a28d
                                                                                  0x6f51a294
                                                                                  0x6f561cc1
                                                                                  0x6f51a29a
                                                                                  0x6f51a29a
                                                                                  0x6f51a29a
                                                                                  0x6f51a29f
                                                                                  0x6f561ccb
                                                                                  0x6f561cd1
                                                                                  0x6f561cd8
                                                                                  0x6f561cea
                                                                                  0x6f561cea
                                                                                  0x6f561cd8
                                                                                  0x6f51a2a9
                                                                                  0x6f51a2af
                                                                                  0x6f51a2bc
                                                                                  0x6f561cfd
                                                                                  0x6f51a2c2
                                                                                  0x6f51a2c2
                                                                                  0x6f51a2c2
                                                                                  0x6f51a2c7
                                                                                  0x6f561d07
                                                                                  0x6f561d0d
                                                                                  0x6f561d14
                                                                                  0x6f561d1f
                                                                                  0x6f561d21
                                                                                  0x6f561d2c
                                                                                  0x6f561d2c
                                                                                  0x6f561d2c
                                                                                  0x6f561d47
                                                                                  0x6f561d47
                                                                                  0x6f561d14
                                                                                  0x6f51a2cd
                                                                                  0x6f51a2d2
                                                                                  0x6f51a2d9
                                                                                  0x6f561d5a
                                                                                  0x6f51a2df
                                                                                  0x6f51a2df
                                                                                  0x6f51a2df
                                                                                  0x6f51a2e4
                                                                                  0x6f561d69
                                                                                  0x6f561d6b
                                                                                  0x6f561d76
                                                                                  0x6f561d76
                                                                                  0x6f561d76
                                                                                  0x6f561d91
                                                                                  0x6f561d91
                                                                                  0x6f51a2ea
                                                                                  0x6f51a2f0
                                                                                  0x6f51a2f5
                                                                                  0x6f561da8
                                                                                  0x6f561dad
                                                                                  0x6f561dad
                                                                                  0x6f51a2fd
                                                                                  0x6f51a300
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • ZwAllocateVirtualMemory.BCCB(000000FF,00000014,00000000,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6F51A279
                                                                                    • Part of subcall function 6F539660: LdrInitializeThunk.NTDLL(6F5818BF,000000FF,00000000,00000000,0000000C,00001000,00000004,6F5D0810,0000001C,6F581616), ref: 6F53966A
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(000000FF,00000014,00000000,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6F51A288
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6F51A2B5
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6F51A2CD
                                                                                  • ZwQueryVirtualMemory.BCCB(000000FF,?,00000003,00000014,00000014,00000000,?,?,?,-00000018,?,?,?,?,6F5B4C8F), ref: 6F561C84
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C), ref: 6F561DDC
                                                                                  • DbgPrint.BCCB(ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix),00000000,?,?,?), ref: 6F561DFE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentServiceSession$MemoryPrintVirtual$AllocateInitializeQueryThunk
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                  • API String ID: 1108326835-2586055223
                                                                                  • Opcode ID: 83a2561faf239dde94f87d5c8f03cffd57c43a62e8d7d304130a587d3810f873
                                                                                  • Instruction ID: 02196277888cd02d48049deb8c29347d462f6381ab28ee22d3967061285721fa
                                                                                  • Opcode Fuzzy Hash: 83a2561faf239dde94f87d5c8f03cffd57c43a62e8d7d304130a587d3810f873
                                                                                  • Instruction Fuzzy Hash: 1651EE322097809FE312CB68C944F6A77F9EF81B54F140979F8658B2A1DB34EC44CB62
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F6F60, Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 235nativememoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 86%
                                                                                  			E6F4F6F60(WCHAR* _a4, WCHAR* _a8, void* _a12, signed int _a16, void* _a20, unsigned int _a24, int* _a28) {
				long _v8;
				long _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				char _v32;
				void* _v36;
				void* _v44;
				long _v48;
				char _v52;
				char _v56;
				char _v60;
				int _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				int _v80;
				signed int _t72;
				signed int _t81;
				WCHAR* _t88;
				int* _t96;
				void _t100;
				void _t106;
				void* _t107;
				int* _t108;
				long _t111;
				unsigned int _t113;
				unsigned int _t115;
				int _t117;
				void* _t118;
				intOrPtr* _t121;
				void* _t123;
				int _t126;
				void* _t127;
				void* _t128;
				void* _t131;
				signed int _t134;
				long _t136;
				void* _t137;
				signed int _t138;

				_t72 = _a16;
				_t111 = 0;
				_v44 = 0;
				_v52 = 0;
				_v48 = 0;
				_t131 = 0;
				if(_t72 != 0) {
					if(_t72 == 1) {
						goto L1;
					}
					_t81 = 0xc00000f1;
					L14:
					return _t81;
				}
				L1:
				_v28 = 0x18;
				_v20 = 0x6f4d16a8 + _t72 * 8;
				_push( &_v28);
				_push(0x20019);
				_v24 = _t111;
				_push( &_v52);
				_v16 = 0x40;
				_v12 = _t111;
				_v8 = _t111;
				_t134 = E6F539600();
				if(_t134 != 0xc0000034) {
					if(_t134 < 0) {
						L10:
						if(_v52 != 0) {
							_push(_v52);
							E6F5395D0();
						}
						if(_v48 != 0) {
							_push(_v48);
							E6F5395D0();
						}
						if(_t131 != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), _t111, _t131);
						}
						_t81 = _t134;
						goto L14;
					}
					RtlInitUnicodeString( &_v36, _a4);
					_v32 = _v60;
					_v28 =  &_v44;
					_push( &_v36);
					_push(0x20019);
					_v36 = 0x18;
					_push( &_v56);
					_v24 = 0x40;
					_v20 = _t111;
					_v16 = _t111;
					_t134 = E6F539600();
					if(_t134 == 0xc0000034) {
						goto L2;
					}
					L20:
					if(_t134 < 0) {
						goto L10;
					}
					_t88 = _a8;
					if(_t88 == 0) {
						_t88 = L"TargetPath";
					}
					RtlInitUnicodeString( &_v44, _t88);
					_t113 = _a24;
					_t136 = _t113 + 0x10;
					if(_t136 >= _t113) {
						_t131 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 0, _t136);
						if(_t131 != 0) {
							_push( &_v80);
							_push(_t136);
							_push(_t131);
							_push(2);
							_push( &_v60);
							_push(_v72);
							_t134 = E6F539650();
							if(_t134 < 0) {
								if(_t134 != 0x80000005) {
									goto L51;
								}
								L32:
								_t117 =  *(_t131 + 8);
								_t49 = _t131 + 0xc; // 0xc
								_t128 = _t49;
								_v80 = _t117;
								if(_t134 < 0) {
									L47:
									_t96 = _a28;
									if(_t96 != 0) {
										 *_t96 = _t117;
									}
									if(_t134 >= 0) {
										memcpy(_a20, _t128, _t117);
									}
									goto L51;
								}
								_t115 = _a24;
								if( *((intOrPtr*)(_t128 + (_t117 >> 1) * 2 - 2)) != 0) {
									_t117 = _t117 + 2;
									_v80 = _t117;
									if(_t115 < _t117) {
										_t134 = 0x80000005;
									} else {
										 *((short*)(_t128 + (_t117 >> 1) * 2 - 2)) = 0;
										_t117 = _v80;
									}
								}
								if(_t134 < 0 ||  *((intOrPtr*)(_t131 + 4)) != 2) {
									goto L47;
								} else {
									_t118 = _t128;
									_t61 = _t118 + 2; // 0xe
									_t137 = _t61;
									do {
										_t100 =  *_t118;
										_t118 = _t118 + 2;
									} while (_t100 != _v68);
									_t111 = 0;
									_t134 = E6F522440(0, _t128, _t118 - _t137 >> 1, _a20, _t115 >> 1,  &_v64);
									if(_t134 >= 0 || _t134 == 0xc0000023) {
										_t121 = _a28;
										if(_t121 != 0) {
											 *_t121 = _v64 + _v64;
										}
										if(_t134 == 0xc0000023) {
											_t134 = 0x80000005;
										}
									}
									goto L10;
								}
							}
							if( *((intOrPtr*)(_t131 + 4)) == 1 ||  *((intOrPtr*)(_t131 + 4)) == 2) {
								goto L32;
							} else {
								_t134 = 0xc0000024;
								goto L51;
							}
						}
						_t134 = 0xc0000017;
						goto L51;
					} else {
						_t134 = 0xc0000095;
						L51:
						_t111 = 0;
						goto L10;
					}
				}
				L2:
				_t127 = _a12;
				if(_t127 == 0) {
					goto L20;
				} else {
					_t123 = _t127;
					_t138 = _t123 + 2;
					goto L4;
					L4:
					_t106 =  *_t123;
					_t123 = _t123 + 2;
					if(_t106 != _t111) {
						goto L4;
					} else {
						_t107 = (_t123 - _t138 >> 1) + 1;
						_t126 = _t107 + _t107;
						_v64 = _t126;
						if(_t126 < _t107) {
							_t134 = 0xc0000095;
						} else {
							_t108 = _a28;
							asm("sbb esi, esi");
							_t134 = _t138 & 0x80000005;
							if(_t108 != 0) {
								 *_t108 = _t126;
							}
							if(_t126 <= _a24) {
								memcpy(_a20, _t127, _t126);
							}
						}
						goto L10;
					}
				}
			}











































                                                                                  0x6f4f6f6b
                                                                                  0x6f4f6f6f
                                                                                  0x6f4f6f71
                                                                                  0x6f4f6f75
                                                                                  0x6f4f6f79
                                                                                  0x6f4f6f7f
                                                                                  0x6f4f6f83
                                                                                  0x6f5520d3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5520d9
                                                                                  0x6f4f7045
                                                                                  0x6f4f704b
                                                                                  0x6f4f704b
                                                                                  0x6f4f6f89
                                                                                  0x6f4f6f90
                                                                                  0x6f4f6f98
                                                                                  0x6f4f6fa0
                                                                                  0x6f4f6fa1
                                                                                  0x6f4f6faa
                                                                                  0x6f4f6fae
                                                                                  0x6f4f6faf
                                                                                  0x6f4f6fb7
                                                                                  0x6f4f6fbb
                                                                                  0x6f4f6fc4
                                                                                  0x6f4f6fcc
                                                                                  0x6f5520e5
                                                                                  0x6f4f7025
                                                                                  0x6f4f702a
                                                                                  0x6f5522a1
                                                                                  0x6f5522a5
                                                                                  0x6f5522a5
                                                                                  0x6f4f7035
                                                                                  0x6f5522af
                                                                                  0x6f5522b3
                                                                                  0x6f5522b3
                                                                                  0x6f4f703d
                                                                                  0x6f5522c8
                                                                                  0x6f5522c8
                                                                                  0x6f4f7043
                                                                                  0x00000000
                                                                                  0x6f4f7043
                                                                                  0x6f5520f3
                                                                                  0x6f5520fc
                                                                                  0x6f552104
                                                                                  0x6f55210c
                                                                                  0x6f55210d
                                                                                  0x6f552116
                                                                                  0x6f55211e
                                                                                  0x6f55211f
                                                                                  0x6f552127
                                                                                  0x6f55212b
                                                                                  0x6f552134
                                                                                  0x6f55213c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f552142
                                                                                  0x6f552144
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f55214a
                                                                                  0x6f55214f
                                                                                  0x6f552151
                                                                                  0x6f552151
                                                                                  0x6f55215c
                                                                                  0x6f552161
                                                                                  0x6f552164
                                                                                  0x6f552169
                                                                                  0x6f552187
                                                                                  0x6f55218b
                                                                                  0x6f55219b
                                                                                  0x6f55219c
                                                                                  0x6f55219d
                                                                                  0x6f55219e
                                                                                  0x6f5521a4
                                                                                  0x6f5521a5
                                                                                  0x6f5521ae
                                                                                  0x6f5521b2
                                                                                  0x6f5521d0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5521d6
                                                                                  0x6f5521d6
                                                                                  0x6f5521d9
                                                                                  0x6f5521d9
                                                                                  0x6f5521dc
                                                                                  0x6f5521e2
                                                                                  0x6f552280
                                                                                  0x6f552280
                                                                                  0x6f552285
                                                                                  0x6f552287
                                                                                  0x6f552287
                                                                                  0x6f55228b
                                                                                  0x6f552292
                                                                                  0x6f552297
                                                                                  0x00000000
                                                                                  0x6f55228b
                                                                                  0x6f5521f3
                                                                                  0x6f5521f6
                                                                                  0x6f5521f8
                                                                                  0x6f5521fb
                                                                                  0x6f552201
                                                                                  0x6f552212
                                                                                  0x6f552203
                                                                                  0x6f552207
                                                                                  0x6f55220c
                                                                                  0x6f55220c
                                                                                  0x6f552201
                                                                                  0x6f552219
                                                                                  0x00000000
                                                                                  0x6f552221
                                                                                  0x6f552221
                                                                                  0x6f552223
                                                                                  0x6f552223
                                                                                  0x6f552226
                                                                                  0x6f552226
                                                                                  0x6f552229
                                                                                  0x6f55222c
                                                                                  0x6f552240
                                                                                  0x6f55224c
                                                                                  0x6f552255
                                                                                  0x6f55225f
                                                                                  0x6f552264
                                                                                  0x6f55226c
                                                                                  0x6f55226c
                                                                                  0x6f552270
                                                                                  0x6f552276
                                                                                  0x6f552276
                                                                                  0x6f552270
                                                                                  0x00000000
                                                                                  0x6f552255
                                                                                  0x6f552219
                                                                                  0x6f5521b8
                                                                                  0x00000000
                                                                                  0x6f5521c0
                                                                                  0x6f5521c0
                                                                                  0x00000000
                                                                                  0x6f5521c0
                                                                                  0x6f5521b8
                                                                                  0x6f55218d
                                                                                  0x00000000
                                                                                  0x6f55216b
                                                                                  0x6f55216b
                                                                                  0x6f55229a
                                                                                  0x6f55229a
                                                                                  0x00000000
                                                                                  0x6f55229a
                                                                                  0x6f552169
                                                                                  0x6f4f6fd2
                                                                                  0x6f4f6fd2
                                                                                  0x6f4f6fd7
                                                                                  0x00000000
                                                                                  0x6f4f6fdd
                                                                                  0x6f4f6fdd
                                                                                  0x6f4f6fdf
                                                                                  0x6f4f6fdf
                                                                                  0x6f4f6fe2
                                                                                  0x6f4f6fe2
                                                                                  0x6f4f6fe5
                                                                                  0x6f4f6feb
                                                                                  0x00000000
                                                                                  0x6f4f6fed
                                                                                  0x6f4f6ff1
                                                                                  0x6f4f6ff4
                                                                                  0x6f4f6ff7
                                                                                  0x6f4f6ffd
                                                                                  0x6f4f704e
                                                                                  0x6f4f6fff
                                                                                  0x6f4f7002
                                                                                  0x6f4f7005
                                                                                  0x6f4f7007
                                                                                  0x6f4f700f
                                                                                  0x6f4f7011
                                                                                  0x6f4f7011
                                                                                  0x6f4f7016
                                                                                  0x6f4f701d
                                                                                  0x6f4f7022
                                                                                  0x6f4f7016
                                                                                  0x00000000
                                                                                  0x6f4f6ffd
                                                                                  0x6f4f6feb

                                                                                  APIs
                                                                                  • ZwOpenKey.BCCB(?,?,?,?,00020019,00000018), ref: 6F4F6FBF
                                                                                    • Part of subcall function 6F539600: LdrInitializeThunk.NTDLL(6F531119,?,?,00000018,?), ref: 6F53960A
                                                                                  • memcpy.BCCB(?,?,?,?,00020019,00000018,?,?,?,?,?,?,00020019,00000018), ref: 6F4F701D
                                                                                  • RtlInitUnicodeString.BCCB(?,?,?,?,?,?,00020019,00000018), ref: 6F5520F3
                                                                                  • ZwOpenKey.BCCB(?,00020019,00000018,?,?,?,?,?,?,00020019,00000018), ref: 6F55212F
                                                                                  • RtlInitUnicodeString.BCCB(?,?,?,00020019,00000018,?,?,?,?,?,?,00020019,00000018), ref: 6F55215C
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,?,?,?,?,00020019,00000018,?,?,?,?,?,?,00020019,00000018), ref: 6F552182
                                                                                  • ZwClose.BCCB(00000000,?,?,?,?,00020019,00000018), ref: 6F5522A5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitOpenStringUnicode$AllocateCloseHeapInitializeThunkmemcpy
                                                                                  • String ID: @$TargetPath
                                                                                  • API String ID: 1135747570-4164548946
                                                                                  • Opcode ID: 6f940c3b1e7b856a52eed184696e8c07210e2d081696d624af5d417118dc9749
                                                                                  • Instruction ID: d8099c8be7f65eab0a7d0cb9caad1d663b197d1b42b90f16f951d26cd3b53142
                                                                                  • Opcode Fuzzy Hash: 6f940c3b1e7b856a52eed184696e8c07210e2d081696d624af5d417118dc9749
                                                                                  • Instruction Fuzzy Hash: E381DB729097169FD710CE28C880E9BB7B5FF84318F01863EE9589B610E734EC56CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4FF51D, Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 185librarymemorytimeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 77%
                                                                                  			E6F4FF51D(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v12;
				intOrPtr* _v16;
				void* _v20;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				void* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t54;
				intOrPtr _t63;
				intOrPtr _t76;
				signed int _t77;
				signed int _t86;
				void* _t88;
				signed int _t89;
				void* _t90;
				intOrPtr* _t91;
				intOrPtr _t92;
				intOrPtr* _t93;
				void* _t94;
				void* _t95;
				signed int _t101;
				intOrPtr* _t107;
				void* _t108;
				intOrPtr* _t109;
				void* _t110;
				intOrPtr* _t111;
				void* _t112;
				void* _t113;
				intOrPtr* _t115;
				void* _t116;
				signed int _t117;
				signed int _t118;
				signed int _t120;

				_t106 = __edx;
				_t93 = __ecx;
				_t120 = (_t118 & 0xfffffff8) - 0x14;
				_v8 =  *0x6f5ed360 ^ _t120;
				_t115 = __ecx;
				_v24 =  *[fs:0x30];
				_t88 = 0;
				_v16 = __ecx;
				_push(_t108);
				if( *((intOrPtr*)(__ecx + 0x20)) == 0xfffffffc) {
					L3:
					 *(_t115 + 0x20) =  *(_t115 + 0x20) | 0xffffffff;
					E6F500225(_t88, _t93, _t108, _t115,  *(_t115 + 0x20));
					L4:
					if( *0x6f5e8472 != _t88) {
						_t106 =  *0x7ffe0330;
						_t89 =  *0x6f5eb210; // 0x0
						_t94 = 0x20;
						_t93 = _t94 - (_t106 & 0x0000001f);
						asm("ror ebx, cl");
						_t88 = _t89 ^ _t106;
					}
					L6F50EEF0(0x6f5e52d8);
					_t54 =  *_t115;
					while(1) {
						_v20 = _t54;
						if(_t54 == _t115) {
							break;
						}
						_t22 = _t54 - 0x54; // -84
						_t109 = _t22;
						__eflags =  *(_t109 + 0x34) & 0x00000008;
						if(( *(_t109 + 0x34) & 0x00000008) != 0) {
							_push(_t93);
							_t106 = 2;
							E6F508B80(_t109, _t106);
							__eflags = _t88;
							if(_t88 != 0) {
								 *0x6f5eb1e0(_t109);
								 *_t88();
							}
							_t93 = _t109;
							E6F508800(_t93, 1);
							_t63 = _v32;
							__eflags =  *(_t63 + 0x68) & 0x00000100;
							if(( *(_t63 + 0x68) & 0x00000100) != 0) {
								_t93 = _t109;
								E6F57EA20(_t93);
							}
						}
						__eflags =  *0x6f5e5780 & 0x00000005;
						if(__eflags != 0) {
							_t46 = _t109 + 0x24; // -48
							E6F575510("minkernel\\ntdll\\ldrsnap.c", 0xc5e, "LdrpUnloadNode", 2, "Unmapping DLL \"%wZ\"\n", _t46);
							_t120 = _t120 + 0x18;
						}
						_push(0);
						_push( *((intOrPtr*)(_t109 + 0x18)));
						E6F500100(_t88, _t93, _t109, _t115, __eflags);
						_t54 =  *_v28;
					}
					_t65 = E6F50EB70(_t93, 0x6f5e52d8);
					while(1) {
						L8:
						_t95 =  *(_t115 + 0x18);
						if(_t95 == 0) {
							break;
						}
						_t110 =  *_t95;
						__eflags = _t110 - _t95;
						if(_t110 != _t95) {
							_t65 =  *_t110;
							 *_t95 =  *_t110;
						} else {
							_t34 = _t115 + 0x18;
							 *_t34 =  *(_t115 + 0x18) & 0x00000000;
							__eflags =  *_t34;
						}
						__eflags = _t110;
						if(_t110 == 0) {
							break;
						} else {
							E6F512280(_t65, 0x6f5e84d8);
							_t92 =  *((intOrPtr*)(_t110 + 4));
							_t37 = _t110 + 8; // -76
							_t107 = _t37;
							_t101 =  *(_t92 + 0x1c);
							_t76 =  *_t101;
							_v28 = _t76;
							__eflags = _t76 - _t107;
							if(_t76 != _t107) {
								_t117 = _v24;
								do {
									_t77 =  *_t117;
									_t101 = _t117;
									_t117 = _t77;
									__eflags = _t77 - _t107;
								} while (_t77 != _t107);
								_t115 = _v16;
							}
							 *_t101 =  *_t107;
							__eflags =  *(_t92 + 0x1c) - _t107;
							if(__eflags == 0) {
								asm("sbb eax, eax");
								_t86 =  ~(_t101 - _t107) & _t101;
								__eflags = _t86;
								 *(_t92 + 0x1c) = _t86;
							}
							_t106 = 0;
							_push( &_v12);
							E6F50093F(_t92, _t92, 0, _t110, _t115, __eflags);
							E6F50FFB0(_t92, _t110, 0x6f5e84d8);
							__eflags = _v20;
							if(_v20 != 0) {
								E6F4FF51D(_t92, 0);
							}
							_t65 = RtlFreeHeap( *0x6f5e7b98, 0, _t110);
							continue;
						}
					}
					_t111 =  *_t115;
					 *(_t115 + 0x20) = 0xfffffffe;
					if(_t111 == _t115) {
						L14:
						_pop(_t112);
						_pop(_t116);
						_pop(_t90);
						return E6F53B640(_t65, _t90, _v8 ^ _t120, _t106, _t112, _t116);
					} else {
						goto L10;
					}
					do {
						L10:
						_t91 =  *_t111;
						_t113 = _t111 + 0xffffffac;
						 *(_t113 + 0x34) =  *(_t113 + 0x34) | 0x00000002;
						E6F512280(_t65, 0x6f5e84d8);
						E6F50008A(_t113, _t115);
						if(( *(_t113 + 0x34) & 0x00000080) != 0) {
							_t17 = _t113 + 0x74; // -140
							L6F4FF900(0x6f5e85fc, _t17);
							_t18 = _t113 + 0x68; // -152
							L6F4FF900(0x6f5e85f4, _t18);
							 *(_t113 + 0x20) =  *(_t113 + 0x20) & 0x00000000;
						}
						E6F50FFB0(_t91, _t113, 0x6f5e84d8);
						if( *0x6f5e7b94 != 0) {
							E6F530413(_t113);
						}
						_t65 = E6F50EC7F(_t113);
						_t111 = _t91;
					} while (_t91 != _t115);
					goto L14;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) == 7) {
					goto L4;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) != 9) {
					goto L8;
				}
				goto L3;
			}









































                                                                                  0x6f4ff51d
                                                                                  0x6f4ff51d
                                                                                  0x6f4ff525
                                                                                  0x6f4ff52f
                                                                                  0x6f4ff53b
                                                                                  0x6f4ff53d
                                                                                  0x6f4ff541
                                                                                  0x6f4ff543
                                                                                  0x6f4ff547
                                                                                  0x6f4ff54c
                                                                                  0x6f4ff55a
                                                                                  0x6f4ff55a
                                                                                  0x6f4ff55e
                                                                                  0x6f4ff563
                                                                                  0x6f4ff569
                                                                                  0x6f4ff718
                                                                                  0x6f4ff720
                                                                                  0x6f4ff72b
                                                                                  0x6f4ff72c
                                                                                  0x6f4ff72e
                                                                                  0x6f4ff730
                                                                                  0x6f4ff730
                                                                                  0x6f4ff574
                                                                                  0x6f4ff579
                                                                                  0x6f4ff57b
                                                                                  0x6f4ff57b
                                                                                  0x6f4ff581
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4ff61f
                                                                                  0x6f4ff61f
                                                                                  0x6f4ff622
                                                                                  0x6f4ff626
                                                                                  0x6f4ff628
                                                                                  0x6f4ff62b
                                                                                  0x6f4ff62e
                                                                                  0x6f4ff633
                                                                                  0x6f4ff635
                                                                                  0x6f4ff73a
                                                                                  0x6f4ff740
                                                                                  0x6f4ff740
                                                                                  0x6f4ff63d
                                                                                  0x6f4ff63f
                                                                                  0x6f4ff644
                                                                                  0x6f4ff648
                                                                                  0x6f4ff64f
                                                                                  0x6f555d11
                                                                                  0x6f555d13
                                                                                  0x6f555d13
                                                                                  0x6f4ff64f
                                                                                  0x6f4ff655
                                                                                  0x6f4ff65c
                                                                                  0x6f555d1d
                                                                                  0x6f555d37
                                                                                  0x6f555d3c
                                                                                  0x6f555d3c
                                                                                  0x6f4ff662
                                                                                  0x6f4ff664
                                                                                  0x6f4ff667
                                                                                  0x6f4ff670
                                                                                  0x6f4ff670
                                                                                  0x6f4ff58c
                                                                                  0x6f4ff591
                                                                                  0x6f4ff591
                                                                                  0x6f4ff591
                                                                                  0x6f4ff596
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4ff677
                                                                                  0x6f4ff679
                                                                                  0x6f4ff67b
                                                                                  0x6f4ff706
                                                                                  0x6f4ff708
                                                                                  0x6f4ff681
                                                                                  0x6f4ff681
                                                                                  0x6f4ff681
                                                                                  0x6f4ff681
                                                                                  0x6f4ff681
                                                                                  0x6f4ff685
                                                                                  0x6f4ff687
                                                                                  0x00000000
                                                                                  0x6f4ff68d
                                                                                  0x6f4ff692
                                                                                  0x6f4ff697
                                                                                  0x6f4ff69a
                                                                                  0x6f4ff69a
                                                                                  0x6f4ff69d
                                                                                  0x6f4ff6a0
                                                                                  0x6f4ff6a2
                                                                                  0x6f4ff6a6
                                                                                  0x6f4ff6a8
                                                                                  0x6f4ff6f2
                                                                                  0x6f4ff6f6
                                                                                  0x6f4ff6f6
                                                                                  0x6f4ff6f8
                                                                                  0x6f4ff6fa
                                                                                  0x6f4ff6fc
                                                                                  0x6f4ff6fc
                                                                                  0x6f4ff700
                                                                                  0x6f4ff700
                                                                                  0x6f4ff6ac
                                                                                  0x6f4ff6ae
                                                                                  0x6f4ff6b1
                                                                                  0x6f4ff6b9
                                                                                  0x6f4ff6bb
                                                                                  0x6f4ff6bb
                                                                                  0x6f4ff6bd
                                                                                  0x6f4ff6bd
                                                                                  0x6f4ff6c4
                                                                                  0x6f4ff6c6
                                                                                  0x6f4ff6c9
                                                                                  0x6f4ff6d3
                                                                                  0x6f4ff6d8
                                                                                  0x6f4ff6dd
                                                                                  0x6f4ff711
                                                                                  0x6f4ff711
                                                                                  0x6f4ff6e8
                                                                                  0x00000000
                                                                                  0x6f4ff6e8
                                                                                  0x6f4ff687
                                                                                  0x6f4ff59c
                                                                                  0x6f4ff59e
                                                                                  0x6f4ff5a7
                                                                                  0x6f4ff60d
                                                                                  0x6f4ff611
                                                                                  0x6f4ff612
                                                                                  0x6f4ff613
                                                                                  0x6f4ff61e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4ff5a9
                                                                                  0x6f4ff5a9
                                                                                  0x6f4ff5a9
                                                                                  0x6f4ff5ab
                                                                                  0x6f4ff5b3
                                                                                  0x6f4ff5b7
                                                                                  0x6f4ff5be
                                                                                  0x6f4ff5c7
                                                                                  0x6f4ff5c9
                                                                                  0x6f4ff5d2
                                                                                  0x6f4ff5d7
                                                                                  0x6f4ff5e0
                                                                                  0x6f4ff5e5
                                                                                  0x6f4ff5e5
                                                                                  0x6f4ff5ee
                                                                                  0x6f4ff5fa
                                                                                  0x6f555d46
                                                                                  0x6f555d46
                                                                                  0x6f4ff602
                                                                                  0x6f4ff607
                                                                                  0x6f4ff609
                                                                                  0x00000000
                                                                                  0x6f4ff5a9
                                                                                  0x6f4ff552
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4ff558
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.BCCB(6F5E52D8), ref: 6F4FF574
                                                                                  • RtlLeaveCriticalSection.BCCB(6F5E52D8,?,00000000,6F5E52D8), ref: 6F4FF58C
                                                                                  • RtlAcquireSRWLockExclusive.BCCB ref: 6F4FF5B7
                                                                                  • RtlRbRemoveNode.BCCB(6F5E85FC,-0000008C), ref: 6F4FF5D2
                                                                                  • RtlRbRemoveNode.BCCB(6F5E85F4,-00000098,6F5E85FC,-0000008C), ref: 6F4FF5E0
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E84D8), ref: 6F4FF5EE
                                                                                  • LdrUnloadAlternateResourceModuleEx.BCCB(?,00000000,6F5E52D8), ref: 6F4FF667
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E84D8,6F5E52D8,?,00000000,6F5E52D8), ref: 6F4FF692
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E84D8,?,6F5E84D8,6F5E52D8,?,00000000,6F5E52D8), ref: 6F4FF6D3
                                                                                  • RtlFreeHeap.BCCB(00000000,-00000054,6F5E84D8,?,6F5E84D8,6F5E52D8), ref: 6F4FF6E8
                                                                                  • RtlDebugPrintTimes.BCCB(-00000054,?,6F5E52D8), ref: 6F4FF73A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireCriticalNodeReleaseRemoveSection$AlternateDebugEnterFreeHeapLeaveModulePrintResourceTimesUnload
                                                                                  • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                  • API String ID: 2596885168-2283098728
                                                                                  • Opcode ID: e240d7ec6e797ad23d4005dd81d78dfb4d3c348ab5ec6cb09d9a4d64dd3b00ea
                                                                                  • Instruction ID: 41e3149e90256264023c93d05795f0d196163e5f3859393cf0a779160c08509a
                                                                                  • Opcode Fuzzy Hash: e240d7ec6e797ad23d4005dd81d78dfb4d3c348ab5ec6cb09d9a4d64dd3b00ea
                                                                                  • Instruction Fuzzy Hash: 13517171206B019BE714DE38C984E5AB7A5BFC5328F140729E4599BBD1EB30AC57CB82
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F52A5, Relevance: 24.2, APIs: 16, Instructions: 161nativememoryfileCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 78%
                                                                                  			E6F4F52A5(char __ecx) {
				char _v20;
				void* _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v60;
				void* __ebx;
				void* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				void* _t102;
				void* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					L6F50EEF0(0x6f5e79a0);
					_t104 =  *0x6f5e8210;
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E6F50EB70(_t93, 0x6f5e79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E6F539890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									L6F50EEF0(0x6f5e79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E6F50EB70(0, 0x6f5e79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t93 = _t104 + 0xc;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E6F52F0BF(_t104 + 0xc,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									L6F50EEF0(0x6f5e79a0);
									__eflags =  *0x6f5e8210 - _t104;
									if( *0x6f5e8210 == _t104) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x6f5e8210 = _t102;
										 *_t95 =  *((intOrPtr*)(_t102 + 0xc));
										 *((intOrPtr*)(_t95 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
										 *((intOrPtr*)(_t95 + 8)) =  *((intOrPtr*)(_t102 + 4));
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E6F574888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E6F50EB70(_t95, 0x6f5e79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E6F5395D0();
											RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t104);
											_t102 = _v40;
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E6F5395D0();
											RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t104);
											_t102 = _v40;
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E6F50EB70(_t93, 0x6f5e79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E6F5395D0();
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t104);
										_t102 = _v40;
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t102 + 4)));
										E6F5395D0();
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E6F52F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                                  0x6f4f52a5
                                                                                  0x6f4f52ad
                                                                                  0x6f4f52b0
                                                                                  0x6f4f52b3
                                                                                  0x6f4f52b7
                                                                                  0x6f4f52ba
                                                                                  0x6f4f52bf
                                                                                  0x6f4f52c4
                                                                                  0x6f4f52cc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f52ce
                                                                                  0x6f4f52d9
                                                                                  0x6f4f52dd
                                                                                  0x6f4f52e7
                                                                                  0x6f4f52f7
                                                                                  0x6f4f52f9
                                                                                  0x6f4f52fd
                                                                                  0x6f550dcf
                                                                                  0x6f550dd5
                                                                                  0x6f550dd6
                                                                                  0x6f550dd7
                                                                                  0x6f550dd8
                                                                                  0x6f550dd9
                                                                                  0x6f550dde
                                                                                  0x6f550ddf
                                                                                  0x6f550de0
                                                                                  0x6f550de1
                                                                                  0x6f550de2
                                                                                  0x6f550de5
                                                                                  0x6f550dea
                                                                                  0x6f550dec
                                                                                  0x6f550f60
                                                                                  0x6f550f64
                                                                                  0x6f550f70
                                                                                  0x6f550f76
                                                                                  0x6f550f79
                                                                                  0x6f550f79
                                                                                  0x00000000
                                                                                  0x6f550f64
                                                                                  0x6f550df2
                                                                                  0x6f550df7
                                                                                  0x6f550e04
                                                                                  0x6f550e0d
                                                                                  0x6f550e10
                                                                                  0x6f550e1a
                                                                                  0x6f550e1c
                                                                                  0x6f550e4c
                                                                                  0x6f550e52
                                                                                  0x6f550e61
                                                                                  0x6f550e67
                                                                                  0x6f550e6b
                                                                                  0x6f550e70
                                                                                  0x6f550e76
                                                                                  0x6f550ed7
                                                                                  0x6f550edc
                                                                                  0x6f550ee0
                                                                                  0x6f550eea
                                                                                  0x6f550ef0
                                                                                  0x6f550ef6
                                                                                  0x6f550ef9
                                                                                  0x6f550efe
                                                                                  0x6f550f01
                                                                                  0x6f550f01
                                                                                  0x6f550f0b
                                                                                  0x6f550f12
                                                                                  0x6f550f16
                                                                                  0x6f550f18
                                                                                  0x6f550f1b
                                                                                  0x6f550f2c
                                                                                  0x6f550f31
                                                                                  0x6f550f31
                                                                                  0x6f550f35
                                                                                  0x6f550f39
                                                                                  0x6f550f3a
                                                                                  0x6f550f3c
                                                                                  0x6f550f3f
                                                                                  0x6f550f50
                                                                                  0x6f550f55
                                                                                  0x6f550f55
                                                                                  0x6f550f59
                                                                                  0x6f4f52eb
                                                                                  0x6f4f52f1
                                                                                  0x6f4f52f1
                                                                                  0x6f550e7d
                                                                                  0x6f550e84
                                                                                  0x6f550e88
                                                                                  0x6f550e8a
                                                                                  0x6f550e8d
                                                                                  0x6f550e9e
                                                                                  0x6f550ea3
                                                                                  0x6f550ea3
                                                                                  0x6f550ea7
                                                                                  0x6f550eaf
                                                                                  0x6f550eb3
                                                                                  0x6f550eb9
                                                                                  0x6f550ebc
                                                                                  0x6f550ecd
                                                                                  0x6f550ecd
                                                                                  0x00000000
                                                                                  0x6f550eb3
                                                                                  0x6f550e21
                                                                                  0x6f550e2b
                                                                                  0x6f550e2f
                                                                                  0x6f550e30
                                                                                  0x6f550e3a
                                                                                  0x6f550e3f
                                                                                  0x6f550e41
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f550e47
                                                                                  0x00000000
                                                                                  0x6f550e47
                                                                                  0x6f550df9
                                                                                  0x6f550dfe
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f550dfe
                                                                                  0x6f4f5303
                                                                                  0x6f4f5307
                                                                                  0x00000000
                                                                                  0x6f4f5309
                                                                                  0x00000000
                                                                                  0x6f4f5309
                                                                                  0x6f4f5307
                                                                                  0x6f4f52e9
                                                                                  0x6f4f52e9
                                                                                  0x00000000
                                                                                  0x6f4f52e9
                                                                                  0x6f4f530e
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.BCCB(6F5E79A0,?,?,00000000,?,?,?,6F4F51B4,?,?,?), ref: 6F4F52BF
                                                                                  • RtlLeaveCriticalSection.BCCB(6F5E79A0,6F5E79A0,?,?,00000000,?,?,?,6F4F51B4,?,?,?), ref: 6F4F52DD
                                                                                  • ZwFsControlFile.BCCB(?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6F5E79A0,6F5E79A0,?,?,00000000), ref: 6F550DE5
                                                                                  • RtlEnterCriticalSection.BCCB(6F5E79A0,6F5E79A0,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6F5E79A0,6F5E79A0,?), ref: 6F550E6B
                                                                                  • RtlLeaveCriticalSection.BCCB(6F5E79A0,6F5E79A0,6F5E79A0,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6F5E79A0,6F5E79A0,?), ref: 6F550E7D
                                                                                  • ZwClose.BCCB(?,6F5E79A0,6F5E79A0,6F5E79A0,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6F5E79A0,6F5E79A0), ref: 6F550E8D
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,?,6F5E79A0,6F5E79A0,6F5E79A0,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000), ref: 6F550E9E
                                                                                  • ZwClose.BCCB(?,6F5E79A0,6F5E79A0,6F5E79A0,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6F5E79A0,6F5E79A0), ref: 6F550EBC
                                                                                  • RtlFreeHeap.BCCB(?,00000000,6F5E79A0,?,6F5E79A0,6F5E79A0,6F5E79A0,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000), ref: 6F550ECD
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$CloseEnterFreeHeapLeave$ControlFile
                                                                                  • String ID:
                                                                                  • API String ID: 1928194833-0
                                                                                  • Opcode ID: 802b0ebc4d58517a31c93168564e337f249e45d632117e98f8ffe57d63dd86f8
                                                                                  • Instruction ID: f9830381915d43e70a747c6b891369bae2faddee55ee408fa6ed3301e3d211ca
                                                                                  • Opcode Fuzzy Hash: 802b0ebc4d58517a31c93168564e337f249e45d632117e98f8ffe57d63dd86f8
                                                                                  • Instruction Fuzzy Hash: 1E51FF71109742ABD311DF28C940B1BBBE5FF81718F104A2EE4A987A91E774FC55CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5B49A4, Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 114memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwAllocateVirtualMemory.BCCB(000000FF,?,00000000,?,00001000,00000004,00000000,?,00000000,?,?,6F5B44B7,?), ref: 6F5B49DF
                                                                                    • Part of subcall function 6F539660: LdrInitializeThunk.NTDLL(6F5818BF,000000FF,00000000,00000000,0000000C,00001000,00000004,6F5D0810,0000001C,6F581616), ref: 6F53966A
                                                                                  • RtlCompareMemory.BCCB(?,01000000,?,00000000,?,00000000,?,?,6F5B44B7,?), ref: 6F5B49FE
                                                                                  • memcpy.BCCB(01000000,?,?,00000000,?,00000000,?,?,6F5B44B7,?), ref: 6F5B4A0C
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?), ref: 6F5B4A42
                                                                                  • DbgPrint.BCCB(HEAP: ,?), ref: 6F5B4A4F
                                                                                  • DbgPrint.BCCB(Heap %p - headers modified (%p is %lx instead of %lx),?,HEAP: ,HEAP: ,00000000,?), ref: 6F5B4A66
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?), ref: 6F5B4ABC
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,?,?), ref: 6F5B4AC9
                                                                                  • DbgPrint.BCCB( This is located in the %s field of the heap header.,?,?,?,?,?,?), ref: 6F5B4ADB
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$Memory$AllocateCompareInitializeThunkVirtualmemcpy
                                                                                  • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                  • API String ID: 4107597528-336120773
                                                                                  • Opcode ID: e358b76888c791290796521bbc50eeb2599b4283a2639d1e2aa6063076434a0d
                                                                                  • Instruction ID: 00b2430b5afa8fc57a8b4ae2eed9f3fe95376323001680189bcbc3a35bebba4a
                                                                                  • Opcode Fuzzy Hash: e358b76888c791290796521bbc50eeb2599b4283a2639d1e2aa6063076434a0d
                                                                                  • Instruction Fuzzy Hash: 52311432601654EFD720DF68C9A4F9B73AAFF46768F30856EF8148B691E730AC40C695
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F52AC7B, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 205nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 80%
                                                                                  			E6F52AC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x9
					E6F54D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x6f5e8a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1018
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x21
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E6F5396E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E6F5A3C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E6F5396E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E6F4FB150();
							} else {
								E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E6F4FB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E6F5B14FB(_t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E6F517D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E6F5B1411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E6F517D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E6F5B1411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                                                                  0x6f52ac85
                                                                                  0x6f52ac88
                                                                                  0x6f52ac8a
                                                                                  0x6f52ac8d
                                                                                  0x6f52ac91
                                                                                  0x6f52ac99
                                                                                  0x6f52ac9c
                                                                                  0x6f569f57
                                                                                  0x6f569f5b
                                                                                  0x6f569f60
                                                                                  0x6f569f60
                                                                                  0x6f52aca8
                                                                                  0x6f52acae
                                                                                  0x6f52acda
                                                                                  0x6f52acde
                                                                                  0x6f52ace8
                                                                                  0x6f52aceb
                                                                                  0x6f52acee
                                                                                  0x00000000
                                                                                  0x6f52acee
                                                                                  0x6f52acf6
                                                                                  0x6f52acb0
                                                                                  0x6f52acb0
                                                                                  0x6f52acbb
                                                                                  0x6f52acbd
                                                                                  0x6f52acc0
                                                                                  0x6f52acc5
                                                                                  0x6f52adae
                                                                                  0x6f52adb4
                                                                                  0x6f52adb4
                                                                                  0x6f52acd4
                                                                                  0x6f52acd8
                                                                                  0x6f52acf9
                                                                                  0x6f52acff
                                                                                  0x6f52ad04
                                                                                  0x6f52ad08
                                                                                  0x6f52ad09
                                                                                  0x6f52ad10
                                                                                  0x6f52ad12
                                                                                  0x6f52ad18
                                                                                  0x6f569f6f
                                                                                  0x6f569f74
                                                                                  0x6f569f76
                                                                                  0x6f569f7c
                                                                                  0x6f569f84
                                                                                  0x6f569f88
                                                                                  0x6f569f89
                                                                                  0x6f569f90
                                                                                  0x6f569f90
                                                                                  0x6f569f76
                                                                                  0x6f52ad1e
                                                                                  0x6f52ad24
                                                                                  0x6f52ad26
                                                                                  0x6f56a097
                                                                                  0x6f56a09b
                                                                                  0x6f56a0ba
                                                                                  0x6f56a0bf
                                                                                  0x6f56a09d
                                                                                  0x6f56a0b2
                                                                                  0x6f56a0b7
                                                                                  0x6f56a0c5
                                                                                  0x6f56a0c8
                                                                                  0x6f56a0cb
                                                                                  0x6f56a0d2
                                                                                  0x00000000
                                                                                  0x6f52ad2c
                                                                                  0x6f52ad2c
                                                                                  0x6f52ad2f
                                                                                  0x6f52ad34
                                                                                  0x6f52ad36
                                                                                  0x6f569f97
                                                                                  0x6f569f9a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f569fa9
                                                                                  0x6f52ad3e
                                                                                  0x6f52ad3e
                                                                                  0x6f52ad41
                                                                                  0x6f569fb3
                                                                                  0x6f569fb9
                                                                                  0x6f569fc0
                                                                                  0x6f569fd0
                                                                                  0x6f569fd0
                                                                                  0x6f569fc0
                                                                                  0x6f52ad4a
                                                                                  0x6f52ad50
                                                                                  0x6f52ad5c
                                                                                  0x6f52ad62
                                                                                  0x6f52ad68
                                                                                  0x6f52ad6b
                                                                                  0x6f52ad6d
                                                                                  0x6f569fda
                                                                                  0x6f569fdd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f569fec
                                                                                  0x00000000
                                                                                  0x6f52ad73
                                                                                  0x6f52ad73
                                                                                  0x6f52ad73
                                                                                  0x6f52ad75
                                                                                  0x6f52ad75
                                                                                  0x6f52ad78
                                                                                  0x6f569ff6
                                                                                  0x6f569ffc
                                                                                  0x6f56a003
                                                                                  0x6f56a00e
                                                                                  0x6f56a010
                                                                                  0x6f56a01b
                                                                                  0x6f56a01b
                                                                                  0x6f56a01b
                                                                                  0x6f56a038
                                                                                  0x6f56a038
                                                                                  0x6f56a003
                                                                                  0x6f52ad84
                                                                                  0x6f52ad89
                                                                                  0x6f52ad8c
                                                                                  0x6f52ad8e
                                                                                  0x6f56a042
                                                                                  0x6f56a045
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f56a054
                                                                                  0x00000000
                                                                                  0x6f52ad94
                                                                                  0x6f52ad94
                                                                                  0x6f52ad94
                                                                                  0x6f52ad96
                                                                                  0x6f52ad96
                                                                                  0x6f52ad99
                                                                                  0x6f56a063
                                                                                  0x6f56a065
                                                                                  0x6f56a070
                                                                                  0x6f56a070
                                                                                  0x6f56a070
                                                                                  0x6f56a08d
                                                                                  0x6f56a08d
                                                                                  0x6f52ada4
                                                                                  0x6f52ada6
                                                                                  0x00000000
                                                                                  0x6f52ada6
                                                                                  0x6f52ad8e
                                                                                  0x6f52ad6d
                                                                                  0x6f52ad3c
                                                                                  0x6f52ad3c
                                                                                  0x00000000
                                                                                  0x6f52ad3c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f52acd8

                                                                                  APIs
                                                                                  • ZwFreeVirtualMemory.BCCB(000000FF,-00000018,?,00004000,?,-00000007,00000001,?,-00000018,?), ref: 6F52AD0B
                                                                                  • RtlFillMemoryUlong.BCCB(00000009,?,FEEEFEEE,?,-00000007,00000001,?,-00000018,?), ref: 6F569F5B
                                                                                  Strings
                                                                                  • HEAP[%wZ]: , xrefs: 6F56A0AD
                                                                                  • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 6F56A0CD
                                                                                  • HEAP: , xrefs: 6F56A0BA
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Memory$FillFreeUlongVirtual
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                  • API String ID: 3117835691-1340214556
                                                                                  • Opcode ID: 033bb5a1e9551d6a26815376b9759789e99ad1aaf41c8b85a695569af90b5c5e
                                                                                  • Instruction ID: 134b0ef77fba26f7b110e8a9bfe701a19852dd021f756e7620569ee6f39ac8ef
                                                                                  • Opcode Fuzzy Hash: 033bb5a1e9551d6a26815376b9759789e99ad1aaf41c8b85a695569af90b5c5e
                                                                                  • Instruction Fuzzy Hash: 1B81DF31644A84EFD712CBA8C994F9ABBF8EF06314F0046B6E5619B6E2D774ED40CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5A64FB, Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 125nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 72%
                                                                                  			E6F5A64FB(intOrPtr* __ecx) {
				signed int _v8;
				char _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char* _v52;
				short _v54;
				void* _v56;
				char* _v60;
				char _v64;
				char* _v68;
				short _v70;
				char _v72;
				char* _v76;
				short _v78;
				void* _v80;
				char* _v84;
				short _v86;
				void* _v88;
				char* _v92;
				short _v94;
				void* _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				char* _v112;
				intOrPtr _v116;
				char _v120;
				char _v124;
				void* __ebx;
				void* __edi;
				void* __esi;
				short _t48;
				short _t49;
				void* _t50;
				short _t51;
				void* _t55;
				void* _t62;
				void* _t77;
				short _t81;
				short _t82;
				intOrPtr* _t83;
				signed int _t85;

				_v8 =  *0x6f5ed360 ^ _t85;
				_t48 = 0x16;
				_t82 = 0x18;
				_t83 = __ecx;
				_v72 = _t48;
				_t77 = 0x10;
				_t49 = 0x12;
				_v86 = _t49;
				_v94 = _t49;
				_t50 = 0xa;
				_v80 = _t50;
				_t51 = 0xc;
				_v78 = _t51;
				_v112 =  &_v64;
				_push( &_v120);
				_v88 = _t77;
				_v96 = _t77;
				_push(1);
				_push( &_v48);
				_v64 = 0x840082;
				_v60 = L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ProductOptions";
				_v70 = _t82;
				_v68 = L"ProductType";
				_v84 = L"LanmanNt";
				_v92 = L"ServerNt";
				_v76 = L"WinNt";
				_v48 = 0;
				_v120 = _t82;
				_v116 = 0;
				_v108 = 0x240;
				_v104 = 0;
				_v100 = 0;
				_t55 = E6F539600();
				_t84 = _t55;
				if(_t55 >= 0) {
					_push( &_v124);
					_push(0x24);
					_push( &_v44);
					_push(2);
					_push( &_v72);
					_push(_v48);
					_t62 = E6F539650();
					_t84 = _t62;
					if(_t62 >= 0) {
						if(_v40 != 1) {
							L10:
							_t84 = 0xc000090b;
						} else {
							_t31 =  &_v36; // 0x6f566637
							_t81 =  *_t31;
							if(_t81 < 2) {
								goto L10;
							} else {
								_v54 = _t81;
								_v52 =  &_v32;
								_v56 = _t81 - 2;
								if(RtlEqualUnicodeString( &_v56,  &_v80, 1) == 0) {
									if(RtlEqualUnicodeString( &_v56,  &_v88, 1) == 0) {
										if(RtlEqualUnicodeString( &_v56,  &_v96, 1) == 0) {
											goto L10;
										} else {
											 *_t83 = 3;
										}
									} else {
										 *_t83 = 2;
									}
								} else {
									 *_t83 = 1;
								}
							}
						}
					}
				}
				if(_v48 != 0) {
					_push(_v48);
					E6F5395D0();
				}
				return E6F53B640(_t84, 1, _v8 ^ _t85, _t82, _t83, _t84);
			}















































                                                                                  0x6f5a650a
                                                                                  0x6f5a6512
                                                                                  0x6f5a6515
                                                                                  0x6f5a6518
                                                                                  0x6f5a651a
                                                                                  0x6f5a651e
                                                                                  0x6f5a6521
                                                                                  0x6f5a6524
                                                                                  0x6f5a652a
                                                                                  0x6f5a652f
                                                                                  0x6f5a6532
                                                                                  0x6f5a6536
                                                                                  0x6f5a6537
                                                                                  0x6f5a653e
                                                                                  0x6f5a6544
                                                                                  0x6f5a6545
                                                                                  0x6f5a654c
                                                                                  0x6f5a6552
                                                                                  0x6f5a6553
                                                                                  0x6f5a6554
                                                                                  0x6f5a655b
                                                                                  0x6f5a6562
                                                                                  0x6f5a6566
                                                                                  0x6f5a656d
                                                                                  0x6f5a6574
                                                                                  0x6f5a657b
                                                                                  0x6f5a6582
                                                                                  0x6f5a6585
                                                                                  0x6f5a6588
                                                                                  0x6f5a658b
                                                                                  0x6f5a6592
                                                                                  0x6f5a6595
                                                                                  0x6f5a6598
                                                                                  0x6f5a659d
                                                                                  0x6f5a65a1
                                                                                  0x6f5a65aa
                                                                                  0x6f5a65ab
                                                                                  0x6f5a65b0
                                                                                  0x6f5a65b1
                                                                                  0x6f5a65b6
                                                                                  0x6f5a65b7
                                                                                  0x6f5a65ba
                                                                                  0x6f5a65bf
                                                                                  0x6f5a65c3
                                                                                  0x6f5a65c8
                                                                                  0x6f5a662d
                                                                                  0x6f5a662d
                                                                                  0x6f5a65ca
                                                                                  0x6f5a65ca
                                                                                  0x6f5a65ca
                                                                                  0x6f5a65d0
                                                                                  0x00000000
                                                                                  0x6f5a65d2
                                                                                  0x6f5a65d5
                                                                                  0x6f5a65d9
                                                                                  0x6f5a65df
                                                                                  0x6f5a65f3
                                                                                  0x6f5a6609
                                                                                  0x6f5a6623
                                                                                  0x00000000
                                                                                  0x6f5a6625
                                                                                  0x6f5a6625
                                                                                  0x6f5a6625
                                                                                  0x6f5a660b
                                                                                  0x6f5a660b
                                                                                  0x6f5a660b
                                                                                  0x6f5a65f5
                                                                                  0x6f5a65f5
                                                                                  0x6f5a65f5
                                                                                  0x6f5a65f3
                                                                                  0x6f5a65d0
                                                                                  0x6f5a65c8
                                                                                  0x6f5a65c3
                                                                                  0x6f5a6636
                                                                                  0x6f5a6638
                                                                                  0x6f5a663b
                                                                                  0x6f5a663b
                                                                                  0x6f5a6652

                                                                                  APIs
                                                                                  • ZwOpenKey.BCCB(?,00000001,?,00000124,00000000,00000000), ref: 6F5A6598
                                                                                    • Part of subcall function 6F539600: LdrInitializeThunk.NTDLL(6F531119,?,?,00000018,?), ref: 6F53960A
                                                                                  • ZwQueryValueKey.BCCB(?,?,00000002,?,00000024,?,?,00000001,?,00000124,00000000,00000000), ref: 6F5A65BA
                                                                                  • RtlEqualUnicodeString.BCCB(?,?,00000001,?,?,00000002,?,00000024,?,?,00000001,?,00000124,00000000,00000000), ref: 6F5A65EC
                                                                                  • RtlEqualUnicodeString.BCCB(?,?,00000001,?,?,00000001,?,?,00000002,?,00000024,?,?,00000001,?,00000124), ref: 6F5A6602
                                                                                  • ZwClose.BCCB(00000000,?,00000001,?,00000124,00000000,00000000), ref: 6F5A663B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: EqualStringUnicode$CloseInitializeOpenQueryThunkValue
                                                                                  • String ID: 7fVo$LanmanNt$ProductType$ServerNt$WinNt$\Registry\Machine\System\CurrentControlSet\Control\ProductOptions
                                                                                  • API String ID: 1342846649-3701889821
                                                                                  • Opcode ID: 99368c6e2e52040b8d62a9e6b41258b71ff6260f531595b7ecae1382e61242bb
                                                                                  • Instruction ID: a38bdc34da3c9715bd7234ff5323c530cc9c0bdf68382098a7aa67af3ccb61ea
                                                                                  • Opcode Fuzzy Hash: 99368c6e2e52040b8d62a9e6b41258b71ff6260f531595b7ecae1382e61242bb
                                                                                  • Instruction Fuzzy Hash: 294148B2D0030CAADB10CFE8D981ADEB7B9EF89304F20512BE515AB240E7729D15CB55
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F395E, Relevance: 19.7, APIs: 13, Instructions: 172COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 83%
                                                                                  			E6F4F395E(void* __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t67;
				void* _t77;
				intOrPtr* _t81;
				signed int _t93;
				void* _t94;
				intOrPtr* _t97;
				intOrPtr* _t104;
				void* _t112;
				long _t113;
				signed int _t114;
				void* _t123;

				_v8 =  *0x6f5ed360 ^ _t114;
				_v16 = __edx;
				_t93 = 0;
				_t112 = __ecx;
				_v12 = _v12 & 0;
				E6F51FAD0( *0x6f5e84cc + 4);
				_t110 =  *0x6f5e84cc + 8;
				_t97 =  *_t110;
				while(_t97 != _t110) {
					_t113 = _t97 - 0x1c;
					_t67 =  *((intOrPtr*)(_t112 + 0xc));
					if( *((intOrPtr*)(_t113 + 0x10)) !=  *((intOrPtr*)(_t112 + 8)) ||  *((intOrPtr*)(_t113 + 0x14)) != _t67 ||  *((intOrPtr*)(_t113 + 8)) !=  *_t112) {
						L21:
						_t97 =  *_t97;
						continue;
					} else {
						_t69 =  *((intOrPtr*)(_t113 + 0xc));
						if( *((intOrPtr*)(_t113 + 0xc)) !=  *((intOrPtr*)(_t112 + 4))) {
							goto L21;
						}
						_t94 = _t113 + 0x28;
						E6F512280(_t69, _t94);
						if( *(_t113 + 0x5c) == 2) {
							__eflags = _v16;
							if(_v16 == 0) {
								RtlFreeHeap( *( *[fs:0x30] + 0x18), 0,  *(_t113 + 0x58));
								 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
								 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & 0x00000000;
								L8:
								asm("lock inc dword [esi+0x50]");
								 *(_t113 + 0x5c) = 1;
								E6F50FFB0(_t94, _t112, _t94);
								_t123 =  *0x6f5e84cc + 4;
								E6F51FA00(_t94, _t97, _t112,  *0x6f5e84cc + 4);
								while(1) {
									_t95 = 0;
									_t77 = E6F4F3ACA(0, _t112, _t113, _t112, _t113, _t123, 0);
									_t124 = _t77 - 0xc000022d;
									if(_t77 == 0xc000022d) {
										_t95 = 0xc000022d;
									}
									_t110 = _t113;
									if(E6F4F3ACA(_t95, _t112, _t113, _t112, _t113, _t124, 1) == 0xc000022d) {
										_t93 = 0xc000022d;
									}
									E6F512280(_t113 + 0x28, _t113 + 0x28);
									_v12 = _v12 + 1;
									_t104 = _t113 + 0x2c;
									_t81 =  *_t104;
									while(_t81 != _t104) {
										 *(_t81 + 0x60) =  *(_t81 + 0x60) & 0x00000000;
										_t81 =  *_t81;
									}
									if( *(_t113 + 0x58) != 0) {
										_t112 =  *(_t113 + 0x58);
										 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
										E6F50FFB0(_t93, _t112, _t113 + 0x28);
										continue;
									}
									if(_t93 != 0) {
										__eflags = _t93 - 0xc000022d;
										if(_t93 == 0xc000022d) {
											 *(_t113 + 0x58) = _t112;
											 *(_t113 + 0x5c) = 2;
											E6F582DA1(_t113);
										}
										L17:
										E6F50FFB0(_t93, _t112, _t113 + 0x28);
										E6F52DE9E(_t113);
										L18:
										if(_v12 > 1) {
											_t113 = 0;
											_t49 = _t112 + 8; // 0x8
											_push(0);
											_push(0);
											_push(_t93);
											_push( *((intOrPtr*)(_t112 + 0x18)));
											_push(_t112);
											E6F53A3A0();
											__eflags = _t93;
											if(_t93 == 0) {
												RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t112);
											}
											_t93 = 0x80;
										}
										return E6F53B640(_t93, _t93, _v8 ^ _t114, _t110, _t112, _t113);
									}
									 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & _t93;
									if( *((intOrPtr*)(_t113 + 0x18)) != _t93) {
										__eflags =  *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18));
										if( *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18)) > 0) {
											goto L16;
										}
										goto L17;
									}
									L16:
									 *((intOrPtr*)(_t113 + 0x18)) =  *((intOrPtr*)(_t112 + 0x10));
									goto L17;
								}
							}
							_push(_t94);
							L27:
							E6F50FFB0(_t94, _t112);
							_t93 = 0x80;
							break;
						}
						if( *(_t113 + 0x5c) == 1) {
							__eflags = _v16;
							_push(_t94);
							if(_v16 != 0) {
								goto L27;
							}
							 *(_t113 + 0x58) = _t112;
							E6F50FFB0(_t94, _t112);
							_t93 = 0x103;
							break;
						}
						goto L8;
					}
				}
				E6F51FA00(_t93, _t97, _t112,  *0x6f5e84cc + 4);
				goto L18;
			}





















                                                                                  0x6f4f396d
                                                                                  0x6f4f397b
                                                                                  0x6f4f397e
                                                                                  0x6f4f3980
                                                                                  0x6f4f3982
                                                                                  0x6f4f3986
                                                                                  0x6f4f3991
                                                                                  0x6f4f3994
                                                                                  0x6f4f3996
                                                                                  0x6f4f39a1
                                                                                  0x6f4f39a7
                                                                                  0x6f4f39aa
                                                                                  0x6f4f3aa7
                                                                                  0x6f4f3aa7
                                                                                  0x00000000
                                                                                  0x6f4f39c4
                                                                                  0x6f4f39c4
                                                                                  0x6f4f39ca
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f39d0
                                                                                  0x6f4f39d4
                                                                                  0x6f4f39dd
                                                                                  0x6f54fffc
                                                                                  0x6f550000
                                                                                  0x6f550020
                                                                                  0x6f550025
                                                                                  0x6f550029
                                                                                  0x6f4f39ed
                                                                                  0x6f4f39ed
                                                                                  0x6f4f39f2
                                                                                  0x6f4f39f9
                                                                                  0x6f4f3a03
                                                                                  0x6f4f3a07
                                                                                  0x6f4f3a0c
                                                                                  0x6f4f3a0c
                                                                                  0x6f4f3a13
                                                                                  0x6f4f3a1d
                                                                                  0x6f4f3a1f
                                                                                  0x6f55004b
                                                                                  0x6f55004b
                                                                                  0x6f4f3a27
                                                                                  0x6f4f3a37
                                                                                  0x6f550052
                                                                                  0x6f550052
                                                                                  0x6f4f3a41
                                                                                  0x6f4f3a46
                                                                                  0x6f4f3a49
                                                                                  0x6f4f3a4c
                                                                                  0x6f4f3a4e
                                                                                  0x6f4f3a9f
                                                                                  0x6f4f3aa3
                                                                                  0x6f4f3aa3
                                                                                  0x6f4f3a56
                                                                                  0x6f550059
                                                                                  0x6f55005f
                                                                                  0x6f550064
                                                                                  0x00000000
                                                                                  0x6f550064
                                                                                  0x6f4f3a5e
                                                                                  0x6f550073
                                                                                  0x6f550075
                                                                                  0x6f55007d
                                                                                  0x6f550080
                                                                                  0x6f550087
                                                                                  0x6f550087
                                                                                  0x6f4f3a72
                                                                                  0x6f4f3a76
                                                                                  0x6f4f3a7d
                                                                                  0x6f4f3a82
                                                                                  0x6f4f3a86
                                                                                  0x6f550091
                                                                                  0x6f550093
                                                                                  0x6f550096
                                                                                  0x6f550097
                                                                                  0x6f550098
                                                                                  0x6f550099
                                                                                  0x6f55009c
                                                                                  0x6f55009e
                                                                                  0x6f5500a3
                                                                                  0x6f5500a5
                                                                                  0x6f5500b2
                                                                                  0x6f5500b2
                                                                                  0x6f5500b7
                                                                                  0x6f5500b7
                                                                                  0x6f4f3a9e
                                                                                  0x6f4f3a9e
                                                                                  0x6f4f3a64
                                                                                  0x6f4f3a6a
                                                                                  0x6f4f3ac4
                                                                                  0x6f4f3ac6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f3ac8
                                                                                  0x6f4f3a6c
                                                                                  0x6f4f3a6f
                                                                                  0x00000000
                                                                                  0x6f4f3a6f
                                                                                  0x6f4f3a0c
                                                                                  0x6f550002
                                                                                  0x6f550003
                                                                                  0x6f550003
                                                                                  0x6f550008
                                                                                  0x00000000
                                                                                  0x6f550008
                                                                                  0x6f4f39e7
                                                                                  0x6f550032
                                                                                  0x6f550036
                                                                                  0x6f550037
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f550039
                                                                                  0x6f55003c
                                                                                  0x6f550041
                                                                                  0x00000000
                                                                                  0x6f550041
                                                                                  0x00000000
                                                                                  0x6f4f39e7
                                                                                  0x6f4f39aa
                                                                                  0x6f4f3ab7
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlAcquireSRWLockShared.BCCB(?,00000000,00000000,00000000), ref: 6F4F3986
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,00000000,00000000,00000000), ref: 6F4F39D4
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?), ref: 6F4F39F9
                                                                                  • RtlReleaseSRWLockShared.BCCB(?,?), ref: 6F4F3A07
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,00000001,00000000,?,?), ref: 6F4F3A41
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,?,00000001,00000000,?,?), ref: 6F4F3A76
                                                                                  • RtlReleaseSRWLockShared.BCCB(?,?,00000000,00000000,00000000), ref: 6F4F3AB7
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Lock$ExclusiveRelease$AcquireShared
                                                                                  • String ID:
                                                                                  • API String ID: 1363392280-0
                                                                                  • Opcode ID: cef3bdc02fd8037190830c0234720e7e4163803138f163be58a8d01c7b38a822
                                                                                  • Instruction ID: 068c0042bac59f982dfe808b3ef2cd263a9da63d0366898e1f4735ab1559f777
                                                                                  • Opcode Fuzzy Hash: cef3bdc02fd8037190830c0234720e7e4163803138f163be58a8d01c7b38a822
                                                                                  • Instruction Fuzzy Hash: CF517C71A057419BDB20DF6AC581F6AB7E9EF8531DF00452ED01A87A50DB74FC4ACB82
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F51A830, Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 350COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 70%
                                                                                  			E6F51A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x6f5e8748 - 1;
					if( *0x6f5e8748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E6F4FB150();
									_t260 = _t257 + 4;
								} else {
									E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E6F4FB150();
								_t257 = _t260 + 4;
								__eflags =  *0x6f5e7bc8;
								if(__eflags == 0) {
									E6F5B2073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E6F5BA80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E6F54D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E6F51AB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E6F5BA80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E6F5BA80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x6f5e8748 - 1;
					if( *0x6f5e8748 >= 1) {
						_t131 = _t256 + 0x00000fff & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E6F4FB150();
							} else {
								E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E6F4FB150();
							__eflags =  *0x6f5e7bc8;
							if(__eflags == 0) {
								_t131 = E6F5B2073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                                                                  0x6f51a83a
                                                                                  0x6f51a83c
                                                                                  0x6f51a83e
                                                                                  0x6f51a841
                                                                                  0x6f51a844
                                                                                  0x6f51a84a
                                                                                  0x6f51aa53
                                                                                  0x6f51aa59
                                                                                  0x6f51aa59
                                                                                  0x6f51a858
                                                                                  0x6f51a85e
                                                                                  0x6f51aaf5
                                                                                  0x6f51aafc
                                                                                  0x6f56229e
                                                                                  0x6f5622a2
                                                                                  0x6f5622a8
                                                                                  0x6f5622b3
                                                                                  0x6f5622b5
                                                                                  0x6f5622bb
                                                                                  0x6f5622c1
                                                                                  0x6f5622c5
                                                                                  0x6f5622e6
                                                                                  0x6f5622eb
                                                                                  0x6f5622f0
                                                                                  0x6f5622c7
                                                                                  0x6f5622dc
                                                                                  0x6f5622e1
                                                                                  0x6f5622e1
                                                                                  0x6f5622f3
                                                                                  0x6f5622f8
                                                                                  0x6f5622fd
                                                                                  0x6f562300
                                                                                  0x6f562307
                                                                                  0x6f56230e
                                                                                  0x6f56230e
                                                                                  0x6f562313
                                                                                  0x6f562313
                                                                                  0x6f5622b5
                                                                                  0x6f5622a2
                                                                                  0x6f51aafc
                                                                                  0x6f51a864
                                                                                  0x6f51a869
                                                                                  0x6f51aa5c
                                                                                  0x6f51aa5e
                                                                                  0x6f51a86f
                                                                                  0x6f51a87f
                                                                                  0x6f51a885
                                                                                  0x6f51a885
                                                                                  0x6f51a88b
                                                                                  0x6f51a890
                                                                                  0x6f51a896
                                                                                  0x6f51ab0c
                                                                                  0x6f51ab0f
                                                                                  0x6f51ab15
                                                                                  0x6f562320
                                                                                  0x6f562320
                                                                                  0x6f51ab1b
                                                                                  0x6f51a89c
                                                                                  0x6f51a89f
                                                                                  0x6f51a8a2
                                                                                  0x6f51a8a2
                                                                                  0x6f51a8a5
                                                                                  0x6f51a8af
                                                                                  0x6f51a8b3
                                                                                  0x6f51a8b8
                                                                                  0x6f51aa66
                                                                                  0x6f51a8be
                                                                                  0x6f51a8c5
                                                                                  0x6f51a8c6
                                                                                  0x6f51a8ce
                                                                                  0x6f562328
                                                                                  0x6f562332
                                                                                  0x6f562337
                                                                                  0x6f562337
                                                                                  0x6f51a8ce
                                                                                  0x6f51a8d4
                                                                                  0x6f51a8d8
                                                                                  0x6f51a8db
                                                                                  0x6f51a8de
                                                                                  0x6f51a8e1
                                                                                  0x6f51a8e5
                                                                                  0x6f51a8e8
                                                                                  0x6f51a8f0
                                                                                  0x6f51a8f3
                                                                                  0x6f56234c
                                                                                  0x6f562350
                                                                                  0x6f562355
                                                                                  0x6f562359
                                                                                  0x6f562359
                                                                                  0x6f51a8f9
                                                                                  0x6f51a901
                                                                                  0x6f51aae4
                                                                                  0x6f51aae4
                                                                                  0x6f51aaea
                                                                                  0x00000000
                                                                                  0x6f51a907
                                                                                  0x6f51a90a
                                                                                  0x6f51a91d
                                                                                  0x6f51a91d
                                                                                  0x00000000
                                                                                  0x6f51a910
                                                                                  0x6f51a910
                                                                                  0x6f51a910
                                                                                  0x6f51a914
                                                                                  0x6f51a924
                                                                                  0x6f51a924
                                                                                  0x6f51a924
                                                                                  0x6f51a924
                                                                                  0x6f51a916
                                                                                  0x6f51a91b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f51a91b
                                                                                  0x6f51a925
                                                                                  0x6f51a925
                                                                                  0x6f51a932
                                                                                  0x6f51a936
                                                                                  0x6f51a93c
                                                                                  0x6f51a93c
                                                                                  0x6f51a93c
                                                                                  0x6f51ab22
                                                                                  0x6f51ab24
                                                                                  0x6f51ab27
                                                                                  0x6f51ab27
                                                                                  0x6f51a942
                                                                                  0x6f51a944
                                                                                  0x6f51aaba
                                                                                  0x6f51aabd
                                                                                  0x6f51aac0
                                                                                  0x6f51aac0
                                                                                  0x6f51aac2
                                                                                  0x6f51ab2f
                                                                                  0x6f51aac4
                                                                                  0x6f51aac4
                                                                                  0x6f51aac7
                                                                                  0x6f51aaca
                                                                                  0x6f51aacc
                                                                                  0x6f51aace
                                                                                  0x6f51aace
                                                                                  0x6f51aace
                                                                                  0x6f51aad1
                                                                                  0x6f51aad1
                                                                                  0x6f51aad7
                                                                                  0x6f51aad9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f562361
                                                                                  0x6f562369
                                                                                  0x6f56236b
                                                                                  0x00000000
                                                                                  0x6f562371
                                                                                  0x00000000
                                                                                  0x6f562371
                                                                                  0x00000000
                                                                                  0x6f56236b
                                                                                  0x6f51aac0
                                                                                  0x6f51a94a
                                                                                  0x6f51a94a
                                                                                  0x6f51a94d
                                                                                  0x6f51a94d
                                                                                  0x6f51a950
                                                                                  0x6f51a954
                                                                                  0x6f562376
                                                                                  0x6f562380
                                                                                  0x6f51a95a
                                                                                  0x6f51a95a
                                                                                  0x6f51a95c
                                                                                  0x6f51a95f
                                                                                  0x6f51a961
                                                                                  0x6f51a961
                                                                                  0x6f51a967
                                                                                  0x6f51a96a
                                                                                  0x6f51a972
                                                                                  0x6f51aa02
                                                                                  0x6f51aa06
                                                                                  0x6f51aa10
                                                                                  0x6f51aa16
                                                                                  0x6f51aa16
                                                                                  0x6f51aa1b
                                                                                  0x6f51aa21
                                                                                  0x6f51aa24
                                                                                  0x6f51aa27
                                                                                  0x6f51aa29
                                                                                  0x6f51aa2c
                                                                                  0x6f51aa32
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f51a978
                                                                                  0x6f51a978
                                                                                  0x6f51a97b
                                                                                  0x6f51a981
                                                                                  0x6f51a996
                                                                                  0x6f51a998
                                                                                  0x6f51a99f
                                                                                  0x6f51a9a2
                                                                                  0x6f56238a
                                                                                  0x6f51a9a8
                                                                                  0x6f51a9a8
                                                                                  0x6f51a9a8
                                                                                  0x6f51a9aa
                                                                                  0x6f51a9ad
                                                                                  0x6f51a9b0
                                                                                  0x6f51a9bb
                                                                                  0x6f51a9be
                                                                                  0x6f51a9c7
                                                                                  0x6f51a9c9
                                                                                  0x6f51a9c9
                                                                                  0x6f51a9cc
                                                                                  0x6f51a9d1
                                                                                  0x6f51aa6d
                                                                                  0x6f51aa70
                                                                                  0x6f51aa73
                                                                                  0x6f51aa75
                                                                                  0x6f51aa79
                                                                                  0x6f51aa7e
                                                                                  0x6f51aa82
                                                                                  0x6f51aa8f
                                                                                  0x6f51aa94
                                                                                  0x6f51aa96
                                                                                  0x6f562392
                                                                                  0x6f5623a1
                                                                                  0x6f5623a1
                                                                                  0x6f51aa9c
                                                                                  0x6f51aa9f
                                                                                  0x6f51aaa2
                                                                                  0x6f51aaa2
                                                                                  0x6f51aaa8
                                                                                  0x6f51aaab
                                                                                  0x6f51aaaf
                                                                                  0x00000000
                                                                                  0x6f51aab5
                                                                                  0x00000000
                                                                                  0x6f51aab5
                                                                                  0x6f51a9d7
                                                                                  0x6f51a9d7
                                                                                  0x6f51a9da
                                                                                  0x6f51a9e0
                                                                                  0x6f51a9e3
                                                                                  0x6f51a9e6
                                                                                  0x6f51a9e9
                                                                                  0x6f51a9eb
                                                                                  0x6f51a9fd
                                                                                  0x6f51a9fd
                                                                                  0x00000000
                                                                                  0x6f51a9eb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f51a983
                                                                                  0x6f51a983
                                                                                  0x6f51a983
                                                                                  0x6f51a987
                                                                                  0x6f51a995
                                                                                  0x6f51a995
                                                                                  0x6f51a995
                                                                                  0x6f51a995
                                                                                  0x6f51a989
                                                                                  0x6f51a98e
                                                                                  0x00000000
                                                                                  0x6f51a990
                                                                                  0x00000000
                                                                                  0x6f51a990
                                                                                  0x6f51a98e
                                                                                  0x00000000
                                                                                  0x6f51a983
                                                                                  0x6f51a972
                                                                                  0x6f51a90a
                                                                                  0x6f51aa34
                                                                                  0x6f51aa34
                                                                                  0x6f51aa40
                                                                                  0x6f51aa43
                                                                                  0x6f51aa46
                                                                                  0x6f51aa4d
                                                                                  0x6f5623ab
                                                                                  0x6f5623b2
                                                                                  0x6f5623be
                                                                                  0x6f5623c3
                                                                                  0x6f5623c5
                                                                                  0x6f5623cb
                                                                                  0x6f5623d1
                                                                                  0x6f5623d5
                                                                                  0x6f5623f6
                                                                                  0x6f5623fb
                                                                                  0x6f5623d7
                                                                                  0x6f5623ec
                                                                                  0x6f5623f1
                                                                                  0x6f562403
                                                                                  0x6f562408
                                                                                  0x6f562410
                                                                                  0x6f562417
                                                                                  0x6f562422
                                                                                  0x6f562422
                                                                                  0x6f562417
                                                                                  0x6f5623c5
                                                                                  0x6f5623b2
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,-00000018,?,?,?,?,?,?,?,?,?,6F51A3D0,?,?,-00000018), ref: 6F5622DC
                                                                                  • DbgPrint.BCCB(((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)),?,?,?,?,?,?,?,?,6F51A3D0,?,?,-00000018,?), ref: 6F5622F8
                                                                                  Strings
                                                                                  • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 6F562403
                                                                                  • HEAP[%wZ]: , xrefs: 6F5622D7, 6F5623E7
                                                                                  • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 6F5622F3
                                                                                  • HEAP: , xrefs: 6F5622E6, 6F5623F6
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                  • API String ID: 3558298466-1657114761
                                                                                  • Opcode ID: 85703fb64fd13edcef95d3c2ed2276bb63379c4599026cff6133b99be9fd7e9a
                                                                                  • Instruction ID: 43998d798ebba1dfcbc774dcc08d66dcff13762c9b0f4163531e96acaf34b6be
                                                                                  • Opcode Fuzzy Hash: 85703fb64fd13edcef95d3c2ed2276bb63379c4599026cff6133b99be9fd7e9a
                                                                                  • Instruction Fuzzy Hash: BAD1B030A086459FEB16CF68C590BAAB7F1FF85304F11867AD8599B741E334BC89CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F530F48, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 188nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 74%
                                                                                  			E6F530F48(signed short* __ecx, long* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed short* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				signed short _v36;
				signed int _v40;
				long* _v48;
				char _v52;
				char _v56;
				char _v57;
				char _v58;
				intOrPtr _v60;
				void* _v64;
				void* _t60;
				void* _t66;
				void* _t69;
				void* _t72;
				intOrPtr _t87;
				char _t93;
				signed int* _t95;
				intOrPtr _t97;
				signed int _t101;
				intOrPtr _t104;
				signed int _t107;
				signed short _t109;
				char _t110;
				intOrPtr _t111;
				intOrPtr* _t114;
				intOrPtr _t116;
				void* _t117;
				signed int _t118;
				void* _t120;

				_t120 = (_t118 & 0xfffffff8) - 0x3c;
				_v48 = __edx;
				_t87 = _a4;
				 *_a8 = 0;
				_t107 =  *__ecx & 0x0000ffff;
				_v52 = 0;
				_v56 = 0;
				_v57 = 0;
				_t101 = _t107;
				_t114 = __ecx[2] + _t101;
				_v40 = __ecx;
				if(_t87 != 0) {
					if(_t101 + 2 > (__ecx[1] & 0x0000ffff)) {
						L28:
						_t60 = 0xc000000d;
						goto L16;
					}
					_t93 = 0;
					if( *_t114 == 0) {
						goto L2;
					}
					goto L28;
				} else {
					_t93 = 0;
					L2:
					if(_t101 == 0) {
						L7:
						_t109 = _t107 - _t101;
						_v32 = _t114;
						_v36 = _t109;
						if((_t109 & 0x0000ffff) != _t109) {
							_t60 = 0xc0000023;
							L16:
							return _t60;
						}
						if(_t87 != 0) {
							_t116 = _v48;
							_v58 = 1;
							_t60 = E6F5310D7( &_v52, _t116, _t87);
						} else {
							_v58 = _t93;
							_t60 = E6F53108B( &_v52);
							_t116 = _v48;
						}
						if(_t60 < 0) {
							goto L16;
						} else {
							_t110 = _v52;
							_v20 =  &_v36;
							_v28 = 0x18;
							_v24 = _t110;
							_v16 = 0x240;
							_v12 = 0;
							_v8 = 0;
							if(_t87 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push( &_v28);
								_push(_t116);
								_push( &_v56);
								_t66 = E6F5396D0();
							} else {
								_push( &_v28);
								_push(_t116);
								_push( &_v56);
								_t66 = E6F539600();
							}
							_t117 = _t66;
							if(_v58 != 0) {
								_push(_t110);
								E6F5395D0();
							}
							if(_t117 >= 0) {
								_t95 =  &_v52;
								_v52 = _v56;
								_t69 = E6F4F8239(_t95, _v48, _v40);
								_t111 = _v56;
								_t117 = _t69;
								if(_t117 < 0) {
									L24:
									if(_t111 != 0) {
										_push(_t111);
										E6F5395D0();
									}
									goto L15;
								}
								_t104 = _v56;
								if(_v57 != 0 && _t111 == _t104 && _t87 != 0) {
									_push(_t95);
									_v52 = 0;
									_t72 = E6F588372( &_v52, _t104, _v48);
									_t111 = _v60;
									_t117 = _t72;
									if(_t117 >= 0) {
										_t117 = E6F506D30( &_v52, L"FilterFullPath");
										if(_t117 >= 0) {
											_t97 =  *((intOrPtr*)(_t120 + 0x24));
											_push( *(_t97 + 2) & 0x0000ffff);
											_push( *((intOrPtr*)(_t97 + 4)));
											_push(1);
											_push(0);
											_push( &_v52);
											_push(_t111);
											_t117 = E6F539B00();
											if(_t117 >= 0) {
												 *((intOrPtr*)(_t120 + 0x28)) = 1;
												_t117 = E6F506D30( &_v52, L"UseFilter");
												if(_t117 >= 0) {
													_push(4);
													_push(_t120 + 0x28);
													_push(4);
													_push(0);
													_push( &_v52);
													_push(_v60);
													_t117 = E6F539B00();
												}
											}
										}
									}
									_push(_v60);
									E6F5395D0();
								}
								if(_t117 < 0) {
									goto L24;
								} else {
									 *_a8 = _t111;
									goto L15;
								}
							} else {
								L15:
								_t60 = _t117;
								goto L16;
							}
						}
					}
					L3:
					L3:
					if( *((short*)(_t114 - 2)) == 0x5c) {
						_v57 = 1;
					} else {
						goto L4;
					}
					goto L7;
					L4:
					_t114 = _t114 + 0xfffffffe;
					_t101 = _t101;
					if(_t101 != 0) {
						goto L3;
					} else {
						goto L7;
					}
				}
			}






































                                                                                  0x6f530f50
                                                                                  0x6f530f55
                                                                                  0x6f530f5f
                                                                                  0x6f530f63
                                                                                  0x6f530f69
                                                                                  0x6f530f6c
                                                                                  0x6f530f70
                                                                                  0x6f530f74
                                                                                  0x6f530f78
                                                                                  0x6f530f7a
                                                                                  0x6f530f7c
                                                                                  0x6f530f82
                                                                                  0x6f56cc82
                                                                                  0x6f56cc8f
                                                                                  0x6f56cc8f
                                                                                  0x00000000
                                                                                  0x6f56cc8f
                                                                                  0x6f56cc84
                                                                                  0x6f56cc89
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f530f88
                                                                                  0x6f530f88
                                                                                  0x6f530f8a
                                                                                  0x6f530f8c
                                                                                  0x6f530fa5
                                                                                  0x6f530fa5
                                                                                  0x6f530fa7
                                                                                  0x6f530fae
                                                                                  0x6f530fb5
                                                                                  0x6f56cc99
                                                                                  0x6f531029
                                                                                  0x6f53102f
                                                                                  0x6f53102f
                                                                                  0x6f530fbd
                                                                                  0x6f56cca3
                                                                                  0x6f56ccae
                                                                                  0x6f56ccb3
                                                                                  0x6f530fc3
                                                                                  0x6f530fc3
                                                                                  0x6f530fcb
                                                                                  0x6f530fd0
                                                                                  0x6f530fd0
                                                                                  0x6f530fd6
                                                                                  0x00000000
                                                                                  0x6f530fd8
                                                                                  0x6f530fd8
                                                                                  0x6f530fe0
                                                                                  0x6f530fe6
                                                                                  0x6f530fee
                                                                                  0x6f530ff2
                                                                                  0x6f530ffa
                                                                                  0x6f530ffe
                                                                                  0x6f531004
                                                                                  0x6f56ccbd
                                                                                  0x6f56ccbe
                                                                                  0x6f56ccbf
                                                                                  0x6f56ccc0
                                                                                  0x6f56ccc5
                                                                                  0x6f56ccc6
                                                                                  0x6f56cccb
                                                                                  0x6f56cccc
                                                                                  0x6f53100a
                                                                                  0x6f53100e
                                                                                  0x6f53100f
                                                                                  0x6f531014
                                                                                  0x6f531015
                                                                                  0x6f531015
                                                                                  0x6f53101f
                                                                                  0x6f531021
                                                                                  0x6f531077
                                                                                  0x6f531078
                                                                                  0x6f531078
                                                                                  0x6f531025
                                                                                  0x6f531036
                                                                                  0x6f531042
                                                                                  0x6f531046
                                                                                  0x6f53104b
                                                                                  0x6f53104f
                                                                                  0x6f531053
                                                                                  0x6f53107f
                                                                                  0x6f531081
                                                                                  0x6f531083
                                                                                  0x6f531084
                                                                                  0x6f531084
                                                                                  0x00000000
                                                                                  0x6f531081
                                                                                  0x6f53105a
                                                                                  0x6f53105e
                                                                                  0x6f56ccd6
                                                                                  0x6f56cce1
                                                                                  0x6f56cce5
                                                                                  0x6f56ccea
                                                                                  0x6f56ccee
                                                                                  0x6f56ccf2
                                                                                  0x6f56cd03
                                                                                  0x6f56cd07
                                                                                  0x6f56cd09
                                                                                  0x6f56cd11
                                                                                  0x6f56cd12
                                                                                  0x6f56cd19
                                                                                  0x6f56cd1b
                                                                                  0x6f56cd1c
                                                                                  0x6f56cd1d
                                                                                  0x6f56cd23
                                                                                  0x6f56cd27
                                                                                  0x6f56cd32
                                                                                  0x6f56cd40
                                                                                  0x6f56cd44
                                                                                  0x6f56cd46
                                                                                  0x6f56cd4c
                                                                                  0x6f56cd4d
                                                                                  0x6f56cd4f
                                                                                  0x6f56cd54
                                                                                  0x6f56cd55
                                                                                  0x6f56cd5e
                                                                                  0x6f56cd5e
                                                                                  0x6f56cd44
                                                                                  0x6f56cd27
                                                                                  0x6f56cd07
                                                                                  0x6f56cd60
                                                                                  0x6f56cd64
                                                                                  0x6f56cd64
                                                                                  0x6f53106e
                                                                                  0x00000000
                                                                                  0x6f531070
                                                                                  0x6f531073
                                                                                  0x00000000
                                                                                  0x6f531073
                                                                                  0x6f531027
                                                                                  0x6f531027
                                                                                  0x6f531027
                                                                                  0x00000000
                                                                                  0x6f531027
                                                                                  0x6f531025
                                                                                  0x6f530fd6
                                                                                  0x00000000
                                                                                  0x6f530f8e
                                                                                  0x6f530f93
                                                                                  0x6f530fa0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f530f95
                                                                                  0x6f530f95
                                                                                  0x6f530f99
                                                                                  0x6f530f9c
                                                                                  0x00000000
                                                                                  0x6f530f9e
                                                                                  0x00000000
                                                                                  0x6f530f9e
                                                                                  0x6f530f9c

                                                                                  APIs
                                                                                  • ZwOpenKey.BCCB(?,?,00000018), ref: 6F531015
                                                                                  • ZwClose.BCCB(?,?,?,00000018), ref: 6F531078
                                                                                  • ZwClose.BCCB(?,?,?,?,?,00000018), ref: 6F531084
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Close$Open
                                                                                  • String ID: FilterFullPath$UseFilter
                                                                                  • API String ID: 2976201327-4106802152
                                                                                  • Opcode ID: e76ee8e68a87f42194e0d5776392409ca462bf91028686e14e840456a7e74063
                                                                                  • Instruction ID: 0a52aed3362e239764b4a14013e0f3979fc39499e55af10e0c36112cfb44f757
                                                                                  • Opcode Fuzzy Hash: e76ee8e68a87f42194e0d5776392409ca462bf91028686e14e840456a7e74063
                                                                                  • Instruction Fuzzy Hash: 6461B272D087619BD710CF398440A6BBBE9AFC9758F054A3EF89497250E730ED498B92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5CF019, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 105memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 38%
                                                                                  			E6F5CF019(intOrPtr __ecx, intOrPtr __edx, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _v32;
				void* _v40;
				void* _v48;
				void* _t39;
				intOrPtr _t55;
				long _t56;
				intOrPtr* _t63;
				intOrPtr _t64;
				void* _t65;

				_v12 = _v12 & 0x00000000;
				_t55 = __edx;
				_t64 = __ecx;
				_v20 = __edx;
				_v24 = __ecx;
				RtlInitUnicodeString( &_v40, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\CommonGlobUserSettings\\");
				_t63 = _a8;
				_t56 = E6F5CF13B(_t64, _t55,  &_v40, _t63,  &_v12);
				if(_t56 >= 0 && _v12 == 2) {
					_t56 = 0;
					_v16 = 0;
					_v8 = 0;
					RtlInitUnicodeString( &_v32, L"RedirectedKey");
					_t39 =  *0x6f4d6cc8( *_t63,  &_v32, 2, 0, 0,  &_v8);
					if(_v8 > 0 && (_t39 == 0xc0000023 || _t39 == 0x80000005)) {
						_t65 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _v8);
						if(_t65 != 0) {
							_push( &_v8);
							_push(_v8);
							_push(_t65);
							_push(2);
							_push( &_v32);
							_push( *_t63);
							if( *0x6f4d6cc8() >= 0 &&  *((intOrPtr*)(_t65 + 4)) == 1) {
								_t22 = _t65 + 0xc; // 0xc
								RtlInitUnicodeString( &_v48, _t22);
								if(E6F5CF13B(_v24, _v20,  &_v48,  &_v16,  &_v12) >= 0) {
									 *0x6f4d6cc4( *_t63);
									 *_t63 = _v16;
								}
							}
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t65);
						}
					}
				}
				return _t56;
			}

















                                                                                  0x6f5cf021
                                                                                  0x6f5cf030
                                                                                  0x6f5cf032
                                                                                  0x6f5cf035
                                                                                  0x6f5cf038
                                                                                  0x6f5cf03b
                                                                                  0x6f5cf041
                                                                                  0x6f5cf056
                                                                                  0x6f5cf05a
                                                                                  0x6f5cf072
                                                                                  0x6f5cf075
                                                                                  0x6f5cf078
                                                                                  0x6f5cf07b
                                                                                  0x6f5cf08f
                                                                                  0x6f5cf098
                                                                                  0x6f5cf0c3
                                                                                  0x6f5cf0c7
                                                                                  0x6f5cf0cc
                                                                                  0x6f5cf0cd
                                                                                  0x6f5cf0d3
                                                                                  0x6f5cf0d4
                                                                                  0x6f5cf0d6
                                                                                  0x6f5cf0d7
                                                                                  0x6f5cf0e1
                                                                                  0x6f5cf0e9
                                                                                  0x6f5cf0f1
                                                                                  0x6f5cf110
                                                                                  0x6f5cf114
                                                                                  0x6f5cf11d
                                                                                  0x6f5cf11d
                                                                                  0x6f5cf110
                                                                                  0x6f5cf12b
                                                                                  0x6f5cf12b
                                                                                  0x6f5cf0c7
                                                                                  0x6f5cf098
                                                                                  0x6f5cf138

                                                                                  APIs
                                                                                  • RtlInitUnicodeString.BCCB(?,\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\,02000000,?,00000000), ref: 6F5CF03B
                                                                                    • Part of subcall function 6F5CF13B: ZwOpenKey.BCCB(?,02000000,?,?,02000000,00000000), ref: 6F5CF182
                                                                                    • Part of subcall function 6F5CF13B: ZwCreateKey.BCCB(?,02000000,00000018,00000000,00000000,00000000,6F5CF056), ref: 6F5CF19F
                                                                                  • RtlInitUnicodeString.BCCB(?,RedirectedKey,?,?,00000000), ref: 6F5CF07B
                                                                                  • ZwQueryValueKey.BCCB(?,?,00000002,00000000,00000000,?), ref: 6F5CF08F
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,?), ref: 6F5CF0BE
                                                                                  • ZwQueryValueKey.BCCB(?,?,00000002,00000000,?,?,?), ref: 6F5CF0D9
                                                                                  • RtlInitUnicodeString.BCCB(?,0000000C), ref: 6F5CF0F1
                                                                                  • ZwClose.BCCB(?,?,?,00000002), ref: 6F5CF114
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000), ref: 6F5CF12B
                                                                                  Strings
                                                                                  • RedirectedKey, xrefs: 6F5CF06A
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 6F5CF02B
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitStringUnicode$HeapQueryValue$AllocateCloseCreateFreeOpen
                                                                                  • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                                                  • API String ID: 1683559675-1388552009
                                                                                  • Opcode ID: f9c44e3d562e2bdfd7e6688cd905c1267ada3f3c402ca9244fd19fd6d2541b52
                                                                                  • Instruction ID: fb83fbef25b67b5d37f1f2f84de66dd77881f8f910a044a993b5a69326fd36ca
                                                                                  • Opcode Fuzzy Hash: f9c44e3d562e2bdfd7e6688cd905c1267ada3f3c402ca9244fd19fd6d2541b52
                                                                                  • Instruction Fuzzy Hash: 1B310A71E01609AFDB11DFD4C984E9EBBFCEB49754F10406AE505E2250DB30AE1ACB61
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F6800, Relevance: 16.9, APIs: 11, Instructions: 373memoryCOMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 98%
                                                                                  			E6F4F6800(void* __ebx, void* __edi, void* __esi, void** _a4, signed short* _a8, intOrPtr _a12, signed short* _a16, signed short* _a20, void* _a24, intOrPtr* _a28, intOrPtr* _a32, intOrPtr* _a36, intOrPtr* _a40, signed char _a44) {
				char _v5;
				void* _v12;
				void _v16;
				int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				long _t124;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t129;
				void* _t130;
				void* _t131;
				intOrPtr* _t132;
				int _t153;
				long _t154;
				void* _t158;
				void _t162;
				void* _t194;
				int _t196;
				void* _t205;
				void* _t206;
				signed short* _t207;
				void* _t209;
				signed int _t211;
				intOrPtr* _t212;
				signed short* _t213;
				signed int _t215;
				signed short* _t217;
				void* _t219;
				void _t228;
				void _t229;
				signed int _t238;
				intOrPtr _t256;
				void* _t262;
				short _t268;
				intOrPtr _t269;
				signed int _t271;
				void* _t272;
				intOrPtr* _t273;
				void* _t275;
				intOrPtr* _t276;
				long _t278;
				void* _t279;

				_t275 = __esi;
				_t272 = __edi;
				_t205 = __ebx;
				if((_a44 & 0xfffffffe) != 0) {
					L61:
					return 0xc000000d;
				}
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				if(E6F4F6BF3(_a8) < 0) {
					goto L61;
				}
				_t256 = _a12;
				_t215 = 0;
				if(_t256 != 0) {
					_t124 = E6F4F6BF3(_t256);
					_t215 = 0;
				} else {
					_t124 = 0;
				}
				if(_t124 < 0) {
					goto L61;
				} else {
					_push(_t205);
					_v5 = _t215;
					_v32 = _t215;
					_t217 = _a16;
					_t206 = 0x5c;
					if(_t217 == 0) {
						L12:
						_t207 = _a20;
						if(_t207 == 0) {
							_t125 = 0;
						} else {
							_t125 = E6F4F6BF3(_t207);
						}
						if(_t125 < 0) {
							L65:
							_t126 = 0xc000000d;
							goto L53;
						} else {
							_t218 = _a28;
							if(_a28 == 0) {
								_t219 = 0;
								_t127 = 0;
							} else {
								_t127 = E6F4F6BF3(_t218);
								_t219 = 0;
							}
							if(_t127 < 0) {
								goto L65;
							} else {
								_t128 = _a32;
								if(_a32 == 0) {
									_t129 = _t219;
								} else {
									_t129 = E6F4F6BF3(_t128);
									_t219 = 0;
								}
								if(_t129 < 0) {
									goto L65;
								} else {
									_push(_t275);
									_t276 = _a36;
									if(_t276 == 0) {
										_t130 = _t219;
									} else {
										_t130 = E6F4F6BF3(_t276);
										_t219 = 0;
									}
									if(_t130 < 0) {
										_t126 = 0xc000000d;
										goto L52;
									} else {
										_push(_t272);
										_t273 = _a40;
										if(_t273 == 0) {
											_t131 = _t219;
										} else {
											_t131 = E6F4F6BF3(_t273);
										}
										if(_t131 < 0) {
											_t126 = 0xc000000d;
											goto L51;
										} else {
											if(_t207 == 0) {
												_t207 = _a8;
												_a20 = _t207;
											}
											_t132 = _a28;
											if(_t132 == 0) {
												_t132 = 0x6f4d1ab0;
												_a28 = 0x6f4d1ab0;
											}
											if(_a32 == 0) {
												_a32 = 0x6f4d1ab0;
											}
											if(_t276 == 0) {
												_t276 = 0x6f4d1ab0;
												_a36 = 0x6f4d1ab0;
											}
											if(_t273 == 0) {
												_t273 = 0x6f4d1ab0;
											}
											_t209 = 3;
											_t278 = 0;
											_t228 = (( *_t207 & 0x0000ffff) + 0x00000005 & 0xfffffffc) + (( *(_t132 + 2) & 0x0000ffff) + _t209 & 0xfffffffc) + (( *_a8 & 0x0000ffff) + 0x00000005 & 0xfffffffc) + (( *(_a32 + 2) & 0x0000ffff) + _t209 & 0xfffffffc) + 0x4ac + (( *(_t276 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
											_v16 = _t228;
											if( *_t273 != 0) {
												_t228 = _t228 + (( *(_t273 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
												_v16 = _t228;
											}
											if(_t256 != 0) {
												_t229 = _t228 + (( *(_t256 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
												_v16 = _t229;
											}
											if(_a24 != _t278) {
												_t153 = E6F52585B(_a24, 1);
												_t229 = _v16;
											} else {
												_t153 =  *((intOrPtr*)(_v24 + 0x290));
											}
											_v20 = _t153;
											_t211 = _t153 + 0x00000003 & 0xfffffffc;
											if(_t211 < _t153) {
												L77:
												_t126 = 0xc0000095;
												goto L51;
											} else {
												while(1) {
													_t154 = _t211 + _t229;
													if(_t154 < _t229) {
														goto L77;
													}
													_t279 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t278, _t154);
													if(_t279 == 0) {
														_t126 = 0xc000009a;
														L51:
														L52:
														L53:
														return _t126;
													}
													_t158 = _t279 + _v16;
													_v12 = _t158;
													if(_a24 != 0) {
														memcpy(_t158, _a24, _v20);
														L42:
														memset(_t279, 0, 0x2a4);
														_t162 = _v16;
														 *_t279 = _t162;
														 *(_t279 + 4) = _t162;
														 *(_t279 + 0x290) = _t211;
														 *((intOrPtr*)(_t279 + 0xc)) = 0;
														_t53 = _t279 + 0x24; // 0x24
														_t212 = _t53;
														 *((intOrPtr*)(_t279 + 0x2c)) = 0;
														 *((intOrPtr*)(_t279 + 0x48)) = _v12;
														_t57 = _t279 + 0x2a4; // 0x2a4
														_v12 = _t57;
														 *((intOrPtr*)(_t279 + 8)) = 1;
														 *(_t279 + 0x14) =  *(_v24 + 0x14) & 1;
														_t169 = _a16;
														if(_a16 == 0) {
															L6F50EEF0(0x6f5e79a0);
															E6F4F6C14( &_v12, _t212, _v24 + 0x24, 0x208);
															E6F50EB70( &_v12, 0x6f5e79a0);
														} else {
															E6F4F6C14( &_v12, _t212, _t169, 0x208);
															if(_v5 != 0) {
																_t268 = 0x5c;
																 *((short*)( *((intOrPtr*)(_t279 + 0x28)) + _v32 * 2)) = _t268;
																_t194 = 2;
																 *_t212 =  *_t212 + _t194;
															}
														}
														_t234 = _a12;
														if(_a12 != 0) {
															_t104 = _t279 + 0x30; // 0x30
															E6F4F6C14( &_v12, _t104, _t234,  *(_t234 + 2) & 0x0000ffff);
														}
														_t72 = _t279 + 0x38; // 0x38
														E6F4F6C14( &_v12, _t72, _a8, ( *_a8 & 0x0000ffff) + 2);
														_t213 = _a20;
														_t75 = _t279 + 0x40; // 0x40
														_t262 = _t75;
														_t238 =  *_t213 & 0x0000ffff;
														_t180 = _t213[1] & 0x0000ffff;
														if(_t238 != (_t213[1] & 0x0000ffff)) {
															_t180 = _t238 + 2;
														}
														E6F4F6C14( &_v12, _t262, _t213, _t180);
														_t80 = _t279 + 0x70; // 0x70
														E6F4F6C14( &_v12, _t80, _a28,  *(_a28 + 2) & 0x0000ffff);
														_t84 = _t279 + 0x78; // 0x78
														E6F4F6C14( &_v12, _t84, _a32,  *(_a32 + 2) & 0x0000ffff);
														_t88 = _t279 + 0x80; // 0x80
														E6F4F6C14( &_v12, _t88, _a36,  *(_a36 + 2) & 0x0000ffff);
														if( *_t273 != 0) {
															_t118 = _t279 + 0x88; // 0x88
															E6F4F6C14( &_v12, _t118, _t273,  *(_t273 + 2) & 0x0000ffff);
														}
														if((_a44 & 0x00000001) == 0) {
															_t279 = E6F57BCB0(_t279);
														}
														_t126 = 0;
														 *_a4 = _t279;
														goto L51;
													}
													L6F50EEF0(0x6f5e79a0);
													_t269 = _v24;
													_t196 =  *(_t269 + 0x290);
													_v20 = _t196;
													_t251 = _t196 + 0x00000003 & 0xfffffffc;
													_v28 = _t196 + 0x00000003 & 0xfffffffc;
													if(_t196 > _t211) {
														E6F50EB70(_t251, 0x6f5e79a0);
														_t278 = 0;
														RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t279);
														_t211 = _v28;
														_t229 = _v16;
														if(_t211 >= _v20) {
															continue;
														}
														goto L77;
													}
													memcpy(_v12,  *(_t269 + 0x48), _t196);
													E6F50EB70(_t251, 0x6f5e79a0);
													_t211 = _v28;
													goto L42;
												}
												goto L77;
											}
										}
									}
								}
							}
						}
					}
					_t271 = ( *_t217 & 0x0000ffff) >> 1;
					_v32 = _t271;
					if(E6F4F6BF3(_t217) < 0 || _t271 == 0) {
						goto L65;
					} else {
						if( *((intOrPtr*)(_t217[2] + _t271 * 2 - 2)) == _t206) {
							L11:
							_t256 = _a12;
							goto L12;
						}
						if(_t271 > 0x103) {
							goto L65;
						}
						_v5 = 1;
						goto L11;
					}
				}
			}
















































                                                                                  0x6f4f6800
                                                                                  0x6f4f6800
                                                                                  0x6f4f6800
                                                                                  0x6f4f680f
                                                                                  0x6f551b26
                                                                                  0x00000000
                                                                                  0x6f551b26
                                                                                  0x6f4f6821
                                                                                  0x6f4f682b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f6831
                                                                                  0x6f4f6834
                                                                                  0x6f4f6838
                                                                                  0x6f4f6b68
                                                                                  0x6f4f6b6d
                                                                                  0x6f4f683e
                                                                                  0x6f4f683e
                                                                                  0x6f4f683e
                                                                                  0x6f4f6842
                                                                                  0x00000000
                                                                                  0x6f4f6848
                                                                                  0x6f4f6848
                                                                                  0x6f4f6849
                                                                                  0x6f4f684c
                                                                                  0x6f4f684f
                                                                                  0x6f4f6854
                                                                                  0x6f4f6857
                                                                                  0x6f4f6893
                                                                                  0x6f4f6893
                                                                                  0x6f4f6898
                                                                                  0x6f551b30
                                                                                  0x6f4f689e
                                                                                  0x6f4f68a0
                                                                                  0x6f4f68a0
                                                                                  0x6f4f68a7
                                                                                  0x6f551b47
                                                                                  0x6f551b47
                                                                                  0x00000000
                                                                                  0x6f4f68ad
                                                                                  0x6f4f68ad
                                                                                  0x6f4f68b2
                                                                                  0x6f551b37
                                                                                  0x6f551b39
                                                                                  0x6f4f68b8
                                                                                  0x6f4f68b8
                                                                                  0x6f4f68bd
                                                                                  0x6f4f68bd
                                                                                  0x6f4f68c1
                                                                                  0x00000000
                                                                                  0x6f4f68c7
                                                                                  0x6f4f68c7
                                                                                  0x6f4f68cc
                                                                                  0x6f551b40
                                                                                  0x6f4f68d2
                                                                                  0x6f4f68d4
                                                                                  0x6f4f68d9
                                                                                  0x6f4f68d9
                                                                                  0x6f4f68dd
                                                                                  0x00000000
                                                                                  0x6f4f68e3
                                                                                  0x6f4f68e3
                                                                                  0x6f4f68e4
                                                                                  0x6f4f68e9
                                                                                  0x6f551b51
                                                                                  0x6f4f68ef
                                                                                  0x6f4f68f1
                                                                                  0x6f4f68f6
                                                                                  0x6f4f68f6
                                                                                  0x6f4f68fa
                                                                                  0x6f551b58
                                                                                  0x00000000
                                                                                  0x6f4f6900
                                                                                  0x6f4f6900
                                                                                  0x6f4f6901
                                                                                  0x6f4f6906
                                                                                  0x6f551b62
                                                                                  0x6f4f690c
                                                                                  0x6f4f690e
                                                                                  0x6f4f690e
                                                                                  0x6f4f6915
                                                                                  0x6f551b69
                                                                                  0x00000000
                                                                                  0x6f4f691b
                                                                                  0x6f4f691d
                                                                                  0x6f551b73
                                                                                  0x6f551b76
                                                                                  0x6f551b76
                                                                                  0x6f4f6923
                                                                                  0x6f4f692d
                                                                                  0x6f551b7e
                                                                                  0x6f551b80
                                                                                  0x6f551b80
                                                                                  0x6f4f6937
                                                                                  0x6f551b88
                                                                                  0x6f551b88
                                                                                  0x6f4f693f
                                                                                  0x6f551b90
                                                                                  0x6f551b92
                                                                                  0x6f551b92
                                                                                  0x6f4f6947
                                                                                  0x6f551b9a
                                                                                  0x6f551b9a
                                                                                  0x6f4f6959
                                                                                  0x6f4f698f
                                                                                  0x6f4f6991
                                                                                  0x6f4f6993
                                                                                  0x6f4f6999
                                                                                  0x6f551baa
                                                                                  0x6f551bac
                                                                                  0x6f551bac
                                                                                  0x6f4f69a1
                                                                                  0x6f4f6b7d
                                                                                  0x6f4f6b7f
                                                                                  0x6f4f6b7f
                                                                                  0x6f4f69aa
                                                                                  0x6f4f6b8d
                                                                                  0x6f4f6b92
                                                                                  0x6f4f69b0
                                                                                  0x6f4f69b3
                                                                                  0x6f4f69b3
                                                                                  0x6f4f69bc
                                                                                  0x6f4f69bf
                                                                                  0x6f4f69c4
                                                                                  0x6f551bdf
                                                                                  0x6f551bdf
                                                                                  0x00000000
                                                                                  0x6f4f69ca
                                                                                  0x6f4f69ca
                                                                                  0x6f4f69ca
                                                                                  0x6f4f69cf
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f69e5
                                                                                  0x6f4f69e9
                                                                                  0x6f551c0f
                                                                                  0x6f4f6b5d
                                                                                  0x6f4f6b5e
                                                                                  0x6f4f6b5f
                                                                                  0x00000000
                                                                                  0x6f4f6b5f
                                                                                  0x6f4f69f2
                                                                                  0x6f4f69f8
                                                                                  0x6f4f69fb
                                                                                  0x6f4f6ba1
                                                                                  0x6f4f6a44
                                                                                  0x6f4f6a4d
                                                                                  0x6f4f6a52
                                                                                  0x6f4f6a57
                                                                                  0x6f4f6a5a
                                                                                  0x6f4f6a62
                                                                                  0x6f4f6a68
                                                                                  0x6f4f6a6b
                                                                                  0x6f4f6a6b
                                                                                  0x6f4f6a6e
                                                                                  0x6f4f6a74
                                                                                  0x6f4f6a77
                                                                                  0x6f4f6a7d
                                                                                  0x6f4f6a83
                                                                                  0x6f4f6a8b
                                                                                  0x6f4f6a8e
                                                                                  0x6f4f6a93
                                                                                  0x6f4f6bb3
                                                                                  0x6f4f6bc9
                                                                                  0x6f4f6bd3
                                                                                  0x6f4f6a99
                                                                                  0x6f4f6aa4
                                                                                  0x6f4f6aad
                                                                                  0x6f4f6ab7
                                                                                  0x6f4f6aba
                                                                                  0x6f4f6abe
                                                                                  0x6f4f6abf
                                                                                  0x6f4f6abf
                                                                                  0x6f4f6aad
                                                                                  0x6f4f6ac2
                                                                                  0x6f4f6ac7
                                                                                  0x6f4f6be1
                                                                                  0x6f4f6be9
                                                                                  0x6f4f6be9
                                                                                  0x6f4f6ad0
                                                                                  0x6f4f6ade
                                                                                  0x6f4f6ae3
                                                                                  0x6f4f6ae6
                                                                                  0x6f4f6ae6
                                                                                  0x6f4f6ae9
                                                                                  0x6f4f6aec
                                                                                  0x6f4f6af3
                                                                                  0x6f4f6af5
                                                                                  0x6f4f6af5
                                                                                  0x6f4f6afd
                                                                                  0x6f4f6b05
                                                                                  0x6f4f6b11
                                                                                  0x6f4f6b19
                                                                                  0x6f4f6b25
                                                                                  0x6f4f6b2d
                                                                                  0x6f4f6b3c
                                                                                  0x6f4f6b46
                                                                                  0x6f551bed
                                                                                  0x6f551bf8
                                                                                  0x6f551bf8
                                                                                  0x6f4f6b50
                                                                                  0x6f551c08
                                                                                  0x6f551c08
                                                                                  0x6f4f6b59
                                                                                  0x6f4f6b5b
                                                                                  0x00000000
                                                                                  0x6f4f6b5b
                                                                                  0x6f4f6a06
                                                                                  0x6f4f6a0b
                                                                                  0x6f4f6a0e
                                                                                  0x6f4f6a14
                                                                                  0x6f4f6a1a
                                                                                  0x6f4f6a1d
                                                                                  0x6f4f6a22
                                                                                  0x6f551bb9
                                                                                  0x6f551bc5
                                                                                  0x6f551bcb
                                                                                  0x6f551bd0
                                                                                  0x6f551bd3
                                                                                  0x6f551bd9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551bd9
                                                                                  0x6f4f6a2f
                                                                                  0x6f4f6a3c
                                                                                  0x6f4f6a41
                                                                                  0x00000000
                                                                                  0x6f4f6a41
                                                                                  0x00000000
                                                                                  0x6f4f69ca
                                                                                  0x6f4f69c4
                                                                                  0x6f4f6915
                                                                                  0x6f4f68fa
                                                                                  0x6f4f68dd
                                                                                  0x6f4f68c1
                                                                                  0x6f4f68a7
                                                                                  0x6f4f685c
                                                                                  0x6f4f685e
                                                                                  0x6f4f6868
                                                                                  0x00000000
                                                                                  0x6f4f6876
                                                                                  0x6f4f687e
                                                                                  0x6f4f6890
                                                                                  0x6f4f6890
                                                                                  0x00000000
                                                                                  0x6f4f6890
                                                                                  0x6f4f6886
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f688c
                                                                                  0x00000000
                                                                                  0x6f4f688c
                                                                                  0x6f4f6868

                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,?), ref: 6F4F69E0
                                                                                  • RtlEnterCriticalSection.BCCB(6F5E79A0,?,00000000,?), ref: 6F4F6A06
                                                                                  • memcpy.BCCB(?,?,?,6F5E79A0,?,00000000,?), ref: 6F4F6A2F
                                                                                  • RtlLeaveCriticalSection.BCCB(6F5E79A0), ref: 6F4F6A3C
                                                                                  • memset.BCCB(00000000,00000000,000002A4,6F5E79A0), ref: 6F4F6A4D
                                                                                    • Part of subcall function 6F4F6C14: memcpy.BCCB(?,?,?,?,00000000,00000024,?,?,6F4F6BCE,?,00000208,6F5E79A0,?,?,6F5E79A0), ref: 6F4F6C39
                                                                                    • Part of subcall function 6F4F6C14: memset.BCCB(00000208,00000000,00000208,?,00000000,00000024,?,?,6F4F6BCE,?,00000208,6F5E79A0,?,?,6F5E79A0), ref: 6F4F6C71
                                                                                  • RtlDeNormalizeProcessParams.BCCB(00000000,?,?,00000000,?,?,?,?,?,?,-00000002,?,00000208), ref: 6F551C03
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSectionmemcpymemset$AllocateEnterHeapLeaveNormalizeParamsProcess
                                                                                  • String ID:
                                                                                  • API String ID: 2315816726-0
                                                                                  • Opcode ID: 3e1e4d163515179f054ebea3c27123e2d8f023433be484e256c29f2706dbb723
                                                                                  • Instruction ID: f04f49bc4c13831db5ce601310a46700774c2589c33b8c4b3ad38913bcf853cf
                                                                                  • Opcode Fuzzy Hash: 3e1e4d163515179f054ebea3c27123e2d8f023433be484e256c29f2706dbb723
                                                                                  • Instruction Fuzzy Hash: 84D1D271A012159BDB04CF68C990FAE77B5EF86314F04823EE869DB691E734ED46CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5751BE, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 173nativememoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 77%
                                                                                  			E6F5751BE(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t101;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t108;
				signed int _t110;
				void* _t113;
				int _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x6f5d05f0);
				E6F54D0E8(__ebx, __edi, __esi);
				 *(_t118 - 0x80) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					L6F50EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *(_t118 - 0x80);
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E6F5753CA(0);
						return E6F54D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					memcpy(_t108, _t101, _t115);
					 *((short*)( *(_t118 - 0x80) + _t115)) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E6F513690(1, _t117, 0x6f4d1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *(_t118 - 0x70) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E6F53AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8,  *(_t118 - 0x70));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *(_t118 - 0x70));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E6F53AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E6F57500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t101 >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E6F539860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}























                                                                                  0x6f5751be
                                                                                  0x6f5751c3
                                                                                  0x6f5751c8
                                                                                  0x6f5751cd
                                                                                  0x6f5751d0
                                                                                  0x6f5751d3
                                                                                  0x6f5751d8
                                                                                  0x6f5751db
                                                                                  0x6f5751de
                                                                                  0x6f5751e0
                                                                                  0x6f5751e3
                                                                                  0x6f5751e6
                                                                                  0x6f5751e8
                                                                                  0x6f575342
                                                                                  0x6f575351
                                                                                  0x6f575356
                                                                                  0x6f57535a
                                                                                  0x6f575360
                                                                                  0x6f575363
                                                                                  0x6f575366
                                                                                  0x6f575369
                                                                                  0x6f575369
                                                                                  0x6f57536b
                                                                                  0x6f57536b
                                                                                  0x6f575370
                                                                                  0x6f5753a3
                                                                                  0x6f5753a4
                                                                                  0x6f5753a6
                                                                                  0x6f5753ab
                                                                                  0x6f5753ab
                                                                                  0x6f5753ae
                                                                                  0x6f5753ae
                                                                                  0x6f5753b5
                                                                                  0x6f5753bf
                                                                                  0x6f5753bf
                                                                                  0x6f575375
                                                                                  0x6f575396
                                                                                  0x6f5753a0
                                                                                  0x6f5753a0
                                                                                  0x00000000
                                                                                  0x6f575396
                                                                                  0x6f575377
                                                                                  0x6f575379
                                                                                  0x6f57537f
                                                                                  0x6f57538c
                                                                                  0x6f575390
                                                                                  0x00000000
                                                                                  0x6f575390
                                                                                  0x6f5751ee
                                                                                  0x6f5751f1
                                                                                  0x6f575301
                                                                                  0x6f575310
                                                                                  0x6f575315
                                                                                  0x6f575318
                                                                                  0x6f57531b
                                                                                  0x6f575320
                                                                                  0x6f57532e
                                                                                  0x6f575331
                                                                                  0x00000000
                                                                                  0x6f575331
                                                                                  0x6f575328
                                                                                  0x6f575329
                                                                                  0x00000000
                                                                                  0x6f575329
                                                                                  0x6f5751fa
                                                                                  0x6f575235
                                                                                  0x6f575236
                                                                                  0x6f575239
                                                                                  0x6f57523f
                                                                                  0x6f575240
                                                                                  0x6f575241
                                                                                  0x6f575242
                                                                                  0x6f575246
                                                                                  0x6f575247
                                                                                  0x6f57524e
                                                                                  0x6f575251
                                                                                  0x6f575267
                                                                                  0x6f575269
                                                                                  0x6f57526e
                                                                                  0x6f57527d
                                                                                  0x6f57527e
                                                                                  0x6f575281
                                                                                  0x6f575282
                                                                                  0x6f575287
                                                                                  0x6f575288
                                                                                  0x6f57528a
                                                                                  0x6f57528f
                                                                                  0x6f575294
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f57529a
                                                                                  0x6f57529c
                                                                                  0x6f57529e
                                                                                  0x6f57529e
                                                                                  0x6f5752a4
                                                                                  0x6f5752b0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5752ba
                                                                                  0x6f5752bc
                                                                                  0x6f5752bc
                                                                                  0x6f5752d4
                                                                                  0x6f5752d9
                                                                                  0x6f5752dc
                                                                                  0x6f5752e1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5752e7
                                                                                  0x6f5752f4
                                                                                  0x00000000
                                                                                  0x6f5752f4
                                                                                  0x6f575270
                                                                                  0x00000000
                                                                                  0x6f575270
                                                                                  0x6f5751fc
                                                                                  0x6f5751fd
                                                                                  0x6f575202
                                                                                  0x6f575203
                                                                                  0x6f575205
                                                                                  0x6f57520a
                                                                                  0x6f57520f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f57521b
                                                                                  0x6f575226
                                                                                  0x6f57522b
                                                                                  0x6f57521d
                                                                                  0x6f57521d
                                                                                  0x6f575222
                                                                                  0x6f575222
                                                                                  0x6f57522d
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • ZwQuerySystemInformation.BCCB(0000005A,?,00000020,00000000,6F5D05F0,00000080,6F565CA1,?,?,00000000,0000000E,00000000), ref: 6F575205
                                                                                    • Part of subcall function 6F539860: LdrInitializeThunk.NTDLL(6F5815BB,00000073,?,00000008,00000000,?,00000568), ref: 6F53986A
                                                                                  • ZwQuerySystemInformationEx.BCCB(0000006B,?,00000004,00000000,00000000,?,6F5D05F0,00000080,6F565CA1,?,?,00000000,0000000E,00000000), ref: 6F575249
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,?,0000006B,?,00000004,00000000,00000000,?,6F5D05F0,00000080,6F565CA1,?,?,00000000,0000000E), ref: 6F575262
                                                                                  • ZwQuerySystemInformationEx.BCCB(0000006B,?,00000004,00000000,?,?,?,0000006B,?,00000004,00000000,00000000,?,6F5D05F0,00000080,6F565CA1), ref: 6F57528A
                                                                                  • RtlFindCharInUnicodeString.BCCB(00000001,?,6F4D1810,?,6F5D05F0,00000080,6F565CA1,?,?,00000000,0000000E,00000000), ref: 6F575310
                                                                                  • RtlEnterCriticalSection.BCCB(?,6F5D05F0,00000080,6F565CA1,?,?,00000000,0000000E,00000000), ref: 6F575351
                                                                                  • memcpy.BCCB(?,00000002,?,?,?,?,?,?,?,?,?,?,?,?,6F5D05F0,00000080), ref: 6F57537F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InformationQuerySystem$AllocateCharCriticalEnterFindHeapInitializeSectionStringThunkUnicodememcpy
                                                                                  • String ID: Legacy$UEFI
                                                                                  • API String ID: 3324348579-634100481
                                                                                  • Opcode ID: 96856bedfe525ec744c0adfe44c5a1f929d895920e83f59a1fcab99aba253c63
                                                                                  • Instruction ID: bc20a6f71b4c65bf7aca5ff801e3475d6a5d4b4465088a891588907e795daeec
                                                                                  • Opcode Fuzzy Hash: 96856bedfe525ec744c0adfe44c5a1f929d895920e83f59a1fcab99aba253c63
                                                                                  • Instruction Fuzzy Hash: 05516CB1E146099FDB24CFAC8950BADBBB8BB48304F10453EE519EB291DB70AD01CB10
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F573C93, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 141nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 89%
                                                                                  			E6F573C93(intOrPtr __ecx, wchar_t* __edx, intOrPtr _a4) {
				intOrPtr _v8;
				signed int _v12;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				wchar_t* _v32;
				intOrPtr _v36;
				short _v38;
				void* _v40;
				void* _v48;
				void* _v56;
				void* __ebp;
				wchar_t* _t40;
				long _t43;
				long _t67;
				signed int _t72;
				intOrPtr _t75;
				signed short _t76;
				short _t78;
				intOrPtr _t79;
				void* _t80;
				signed short* _t81;
				intOrPtr _t84;
				void* _t85;
				void* _t89;

				_v12 = _v12 & 0x00000000;
				_t81 = __edx;
				_t79 = __ecx;
				_v24 = __ecx;
				_t40 = wcschr(__edx, 0x3d);
				if(_t40 == 0) {
					L25:
					__eflags = 0;
					return 0;
				}
				 *_t40 = 0;
				_t72 =  *_t81 & 0x0000ffff;
				_t87 = _t72 - 0x53;
				if(_t72 != 0x53) {
					__eflags = _t72 - 0x4f;
					if(_t72 != 0x4f) {
						goto L25;
					}
					_t43 = wcstoul( &(_t40[0]),  &_v32, 0x10);
					_t85 = _t85 + 0xc;
					_v12 = _t43;
					__eflags = _t43;
					if(__eflags == 0) {
						goto L25;
					}
					_t67 = 1;
					L6:
					_t80 = E6F573E74(_t79, _t87);
					if(_t80 == 0) {
						goto L25;
					}
					_t75 = 0;
					_t84 = ( *(_t80 + 0x14) & 0x0000ffff) + 0x18 + _t80;
					_t89 = 0 -  *(_t80 + 6);
					while(1) {
						_v8 = _t75;
						if(_t89 >= 0) {
							break;
						}
						_t78 = 8;
						if( *((intOrPtr*)(_t84 + 0xc)) == 0 ||  *((intOrPtr*)(_t84 + 8)) == 0) {
							L23:
							_t75 = _t75 + 1;
							_t84 = _t84 + 0x28;
							_t89 = _t75 - ( *(_t80 + 6) & 0x0000ffff);
							continue;
						} else {
							if(_t67 != 0) {
								_t21 = _t75 + 1; // 0x2
								__eflags = _v12 - _t21;
								if(_v12 != _t21) {
									L21:
									__eflags = _t67;
									if(_t67 != 0) {
										goto L23;
									}
									L22:
									RtlFreeUnicodeString( &_v48);
									_t75 = _v8;
									goto L23;
								}
								L19:
								_v16 =  *((intOrPtr*)(_t84 + 8));
								_v20 =  *((intOrPtr*)(_t84 + 0xc)) + _v24;
								_push( &_v28);
								_push(_a4);
								_push( &_v16);
								_push( &_v20);
								_push(0xffffffff);
								E6F539A00();
								_push(_v28);
								_push(_v16);
								_push(_v20);
								E6F585720(0x55, 3, "Set 0x%X protection for %p section for %d bytes, old protection 0x%X\n", _a4);
								_t85 = _t85 + 0x1c;
								__eflags = _t67;
								if(_t67 != 0) {
									break;
								}
								_t75 = _v8;
								goto L21;
							}
							_t76 = 0;
							_v36 = _t84;
							_v38 = _t78;
							_v40 = 0;
							while( *((char*)((_t76 & 0x0000ffff) + _t84)) != 0) {
								_t76 = _t76 + 1;
								_v40 = _t76;
								if(_t76 < _t78) {
									continue;
								}
								break;
							}
							if(RtlAnsiStringToUnicodeString( &_v48,  &_v40, 1) < 0) {
								goto L25;
							}
							if(RtlCompareUnicodeString( &_v56,  &_v48, 1) == 0) {
								goto L19;
							}
							goto L22;
						}
					}
					return 1;
				}
				RtlInitUnicodeString( &_v56,  &(_t40[0]));
				_t67 = 0;
				goto L6;
			}





























                                                                                  0x6f573c9b
                                                                                  0x6f573ca2
                                                                                  0x6f573ca4
                                                                                  0x6f573ca9
                                                                                  0x6f573cac
                                                                                  0x6f573cb5
                                                                                  0x6f573e08
                                                                                  0x6f573e08
                                                                                  0x00000000
                                                                                  0x6f573e08
                                                                                  0x6f573cbd
                                                                                  0x6f573cc0
                                                                                  0x6f573cc3
                                                                                  0x6f573cc6
                                                                                  0x6f573cd9
                                                                                  0x6f573cdc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f573cec
                                                                                  0x6f573cf1
                                                                                  0x6f573cf4
                                                                                  0x6f573cf7
                                                                                  0x6f573cf9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f573cff
                                                                                  0x6f573d01
                                                                                  0x6f573d08
                                                                                  0x6f573d0c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f573d1b
                                                                                  0x6f573d1d
                                                                                  0x6f573d1f
                                                                                  0x6f573d23
                                                                                  0x6f573d23
                                                                                  0x6f573d26
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f573d32
                                                                                  0x6f573d33
                                                                                  0x6f573df5
                                                                                  0x6f573df9
                                                                                  0x6f573dfa
                                                                                  0x6f573dfd
                                                                                  0x00000000
                                                                                  0x6f573d43
                                                                                  0x6f573d45
                                                                                  0x6f573d94
                                                                                  0x6f573d97
                                                                                  0x6f573d9a
                                                                                  0x6f573de5
                                                                                  0x6f573de5
                                                                                  0x6f573de7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f573de9
                                                                                  0x6f573ded
                                                                                  0x6f573df2
                                                                                  0x00000000
                                                                                  0x6f573df2
                                                                                  0x6f573d9c
                                                                                  0x6f573d9f
                                                                                  0x6f573da8
                                                                                  0x6f573dae
                                                                                  0x6f573daf
                                                                                  0x6f573db5
                                                                                  0x6f573db9
                                                                                  0x6f573dba
                                                                                  0x6f573dbc
                                                                                  0x6f573dc1
                                                                                  0x6f573dc4
                                                                                  0x6f573dc7
                                                                                  0x6f573dd6
                                                                                  0x6f573ddb
                                                                                  0x6f573dde
                                                                                  0x6f573de0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f573de2
                                                                                  0x00000000
                                                                                  0x6f573de2
                                                                                  0x6f573d47
                                                                                  0x6f573d49
                                                                                  0x6f573d4c
                                                                                  0x6f573d50
                                                                                  0x6f573d54
                                                                                  0x6f573d5d
                                                                                  0x6f573d5f
                                                                                  0x6f573d66
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f573d66
                                                                                  0x6f573d79
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f573d90
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f573d92
                                                                                  0x6f573d33
                                                                                  0x00000000
                                                                                  0x6f573e04
                                                                                  0x6f573cd0
                                                                                  0x6f573cd5
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • wcschr.BCCB(?,0000003D,00000000,?), ref: 6F573CAC
                                                                                  • RtlInitUnicodeString.BCCB(?,-00000002,00000000,?), ref: 6F573CD0
                                                                                  • wcstoul.BCCB(-00000002,?,00000010,00000000,?), ref: 6F573CEC
                                                                                  • RtlAnsiStringToUnicodeString.BCCB(?,?,00000001,00000000,?), ref: 6F573D72
                                                                                  • RtlCompareUnicodeString.BCCB(?,?,00000001,?,?,00000001,00000000,?), ref: 6F573D89
                                                                                  • ZwProtectVirtualMemory.BCCB(000000FF,?,?,00000000,?,00000000,?), ref: 6F573DBC
                                                                                  • DbgPrintEx.BCCB(00000055,00000003,Set 0x%X protection for %p section for %d bytes, old protection 0x%X,00000000,?,?,?,000000FF,?,?,00000000,?,00000000,?), ref: 6F573DD6
                                                                                  • RtlFreeUnicodeString.BCCB(?,00000000,?), ref: 6F573DED
                                                                                  Strings
                                                                                  • Set 0x%X protection for %p section for %d bytes, old protection 0x%X, xrefs: 6F573DCD
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: String$Unicode$AnsiCompareFreeInitMemoryPrintProtectVirtualwcschrwcstoul
                                                                                  • String ID: Set 0x%X protection for %p section for %d bytes, old protection 0x%X
                                                                                  • API String ID: 1186784509-1979073566
                                                                                  • Opcode ID: f78700acb66ea2ade95f7bdaf79061a6b9be5f56e475579dbcd79774c1a7f532
                                                                                  • Instruction ID: 17a4318ae374c6f1d06713ba7f1fa8734c0e3cf4227eabd832ef93bda26c5241
                                                                                  • Opcode Fuzzy Hash: f78700acb66ea2ade95f7bdaf79061a6b9be5f56e475579dbcd79774c1a7f532
                                                                                  • Instruction Fuzzy Hash: 9041E972D44219ABDB20CBE4C842BEEB7B8EF44360F50417AE955E7180EB71EE45C761
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F52F0BF, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 137memorynativefileCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 75%
                                                                                  			E6F52F0BF(signed short* __ecx, signed short __edx, void* __eflags, void** _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				char _v44;
				intOrPtr _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v68;
				void* _v72;
				intOrPtr _v76;
				void* _t51;
				signed short _t82;
				short _t84;
				signed int _t91;
				void* _t97;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				void* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E6F514120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t108 = E6F539830();
					RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v44);
						_push( &_v52);
						_push(_v68);
						_t108 = E6F539990();
						if(_t108 < 0) {
							L10:
							_push(_v68);
							E6F5395D0();
							goto L11;
						} else {
							_t109 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								_t97 = _t21;
								 *((intOrPtr*)(_t109 + 4)) = _v76;
								 *_t109 = 1;
								 *(_t109 + 0x10) = _t97;
								 *(_t109 + 0xe) = _t82;
								 *(_t109 + 8) = _v72;
								 *((intOrPtr*)(_t109 + 0x14)) = _v48;
								memcpy(_t97, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *(_t109 + 0x10) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v76);
										E6F5395D0();
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)( *(_t109 + 0x10) + _t100)) = _t84;
										 *((short*)( *(_t109 + 0x10) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}


























                                                                                  0x6f52f0d3
                                                                                  0x6f52f0d9
                                                                                  0x6f52f0e0
                                                                                  0x6f52f0e7
                                                                                  0x6f52f0f2
                                                                                  0x6f52f0f4
                                                                                  0x6f52f0f8
                                                                                  0x6f52f100
                                                                                  0x6f52f108
                                                                                  0x6f52f10d
                                                                                  0x6f52f115
                                                                                  0x6f52f116
                                                                                  0x6f52f11f
                                                                                  0x6f52f123
                                                                                  0x6f52f124
                                                                                  0x6f52f12c
                                                                                  0x6f52f130
                                                                                  0x6f52f144
                                                                                  0x6f52f14b
                                                                                  0x6f52f152
                                                                                  0x6f56bab0
                                                                                  0x6f56bab0
                                                                                  0x6f52f158
                                                                                  0x6f52f158
                                                                                  0x6f52f15a
                                                                                  0x6f52f160
                                                                                  0x6f52f165
                                                                                  0x6f52f166
                                                                                  0x6f52f16f
                                                                                  0x6f52f173
                                                                                  0x6f56baa7
                                                                                  0x6f56baa7
                                                                                  0x6f56baab
                                                                                  0x00000000
                                                                                  0x6f52f179
                                                                                  0x6f52f18d
                                                                                  0x6f52f191
                                                                                  0x6f56baa2
                                                                                  0x00000000
                                                                                  0x6f52f197
                                                                                  0x6f52f19b
                                                                                  0x6f52f19b
                                                                                  0x6f52f1a2
                                                                                  0x6f52f1a9
                                                                                  0x6f52f1af
                                                                                  0x6f52f1b2
                                                                                  0x6f52f1b6
                                                                                  0x6f52f1b9
                                                                                  0x6f52f1c4
                                                                                  0x6f52f1d8
                                                                                  0x6f52f1df
                                                                                  0x6f52f1e3
                                                                                  0x6f52f1eb
                                                                                  0x6f52f1ee
                                                                                  0x6f52f1f4
                                                                                  0x6f52f20f
                                                                                  0x6f56bab7
                                                                                  0x6f56babb
                                                                                  0x6f56bacc
                                                                                  0x6f56bad1
                                                                                  0x6f52f215
                                                                                  0x6f52f218
                                                                                  0x6f52f226
                                                                                  0x6f52f22b
                                                                                  0x00000000
                                                                                  0x6f52f22b
                                                                                  0x6f52f1f6
                                                                                  0x6f52f1f6
                                                                                  0x6f52f1f9
                                                                                  0x6f52f1fb
                                                                                  0x6f52f1fb
                                                                                  0x6f52f1f4
                                                                                  0x6f52f191
                                                                                  0x6f52f173
                                                                                  0x6f52f152
                                                                                  0x6f52f203

                                                                                  APIs
                                                                                  • ZwOpenFile.BCCB(?,?,?,00000021,00100020,?), ref: 6F52F134
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,?,?,?,00000021,00100020,?), ref: 6F52F14B
                                                                                  • ZwQueryVolumeInformationFile.BCCB(00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021,00100020,?), ref: 6F52F16A
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,?,00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021,00100020,?), ref: 6F52F188
                                                                                  • memcpy.BCCB(00000018,?,00000000,00000000,?,00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021), ref: 6F52F1C4
                                                                                  • ZwClose.BCCB(00000000,00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021,00100020,?), ref: 6F56BAAB
                                                                                  • ZwClose.BCCB(?,?,?,00000000,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6F5E79A0,6F5E79A0), ref: 6F56BABB
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,?,?,00000000,?,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000), ref: 6F56BACC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$CloseFileFree$AllocateInformationOpenQueryVolumememcpy
                                                                                  • String ID: @
                                                                                  • API String ID: 3376599671-2766056989
                                                                                  • Opcode ID: bc308e549de3a988c6ac60b70788acaf037fb8276dbbee3780fcbe0c5feb68a4
                                                                                  • Instruction ID: e37cc3e4285e067f00db3cee61ea8f3f9c543d0b19198c77d147a6d9e243ec19
                                                                                  • Opcode Fuzzy Hash: bc308e549de3a988c6ac60b70788acaf037fb8276dbbee3780fcbe0c5feb68a4
                                                                                  • Instruction Fuzzy Hash: 90515C72604710ABD321CF29C840A67B7F9FF88714F004A2AF9A5976A0E774ED55CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5A6369, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 113nativefileCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 46%
                                                                                  			E6F5A6369(char* __ecx, intOrPtr* __edx, void* __eflags, intOrPtr* _a4) {
				signed int _v12;
				short _v536;
				char _v540;
				char _v544;
				char _v548;
				intOrPtr _v556;
				char _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				char _v584;
				void* _v592;
				char _v600;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t33;
				char* _t50;
				intOrPtr* _t52;
				intOrPtr* _t63;
				signed int _t65;

				_v12 =  *0x6f5ed360 ^ _t65;
				_t52 = _a4;
				_t63 = __edx;
				_t64 = __ecx;
				_t62 = 0x100;
				if(E6F58CD55( &_v536, 0x100, L"\\SystemRoot\\Globalization\\") < 0) {
					L11:
					_t33 = 0xc0000001;
					L12:
					return E6F53B640(_t33, _t52, _v12 ^ _t65, _t62, _t63, _t64);
				}
				_t64 = 0x100;
				_t62 = 0x100;
				if(E6F5983B1( &_v536, 0x100, __ecx) < 0) {
					goto L11;
				}
				_t62 = 0x100;
				if(E6F5983B1( &_v536, 0x100, L".nlp") < 0) {
					goto L11;
				}
				RtlInitUnicodeString( &_v592,  &_v536);
				_v584 = 0x18;
				_push(0);
				_v580 = 0;
				_v576 =  &_v592;
				_push(1);
				_push( &_v600);
				_v572 = 0x40;
				_push( &_v584);
				_push(0x80100000);
				_v568 = 0;
				_push( &_v540);
				_v564 = 0;
				_t64 = E6F539830();
				if(_t64 >= 0) {
					_t62 =  &_v560;
					if(E6F5A60A2(_v540,  &_v560) < 0 || _v556 != 0) {
						_t64 = 0xc0000001;
					} else {
						_push(_v540);
						_push(0x8000000);
						_push(2);
						 *_t52 = _v560;
						_t52 = 0;
						_push(0);
						_push(0);
						_push(0xf0005);
						_push( &_v544);
						_t64 = E6F5399A0();
						if(_t64 >= 0) {
							_push(2);
							_push(0);
							_push(1);
							 *_t63 = 0;
							_push( &_v548);
							_push(0);
							_push(0);
							_push(0);
							_push(_t63);
							_push(0xffffffff);
							_push(_v544);
							_v548 = 0;
							_t50 = E6F539780();
							_push(_v544);
							_t64 = _t50;
							E6F5395D0();
						}
					}
					_push(_v540);
					E6F5395D0();
				}
				_t33 = _t64;
				goto L12;
			}


























                                                                                  0x6f5a637b
                                                                                  0x6f5a637f
                                                                                  0x6f5a6384
                                                                                  0x6f5a6386
                                                                                  0x6f5a638d
                                                                                  0x6f5a639f
                                                                                  0x6f5a64e3
                                                                                  0x6f5a64e3
                                                                                  0x6f5a64e8
                                                                                  0x6f5a64f8
                                                                                  0x6f5a64f8
                                                                                  0x6f5a63a6
                                                                                  0x6f5a63b1
                                                                                  0x6f5a63ba
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5a63c5
                                                                                  0x6f5a63d4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5a63e8
                                                                                  0x6f5a63ef
                                                                                  0x6f5a63f9
                                                                                  0x6f5a6400
                                                                                  0x6f5a6406
                                                                                  0x6f5a6412
                                                                                  0x6f5a6414
                                                                                  0x6f5a641b
                                                                                  0x6f5a6425
                                                                                  0x6f5a6426
                                                                                  0x6f5a6431
                                                                                  0x6f5a6437
                                                                                  0x6f5a6438
                                                                                  0x6f5a6443
                                                                                  0x6f5a6447
                                                                                  0x6f5a6453
                                                                                  0x6f5a6460
                                                                                  0x6f5a64cf
                                                                                  0x6f5a646b
                                                                                  0x6f5a646b
                                                                                  0x6f5a6477
                                                                                  0x6f5a647c
                                                                                  0x6f5a647e
                                                                                  0x6f5a6480
                                                                                  0x6f5a6482
                                                                                  0x6f5a6483
                                                                                  0x6f5a6484
                                                                                  0x6f5a648f
                                                                                  0x6f5a6495
                                                                                  0x6f5a6499
                                                                                  0x6f5a649b
                                                                                  0x6f5a649d
                                                                                  0x6f5a649e
                                                                                  0x6f5a64a6
                                                                                  0x6f5a64a8
                                                                                  0x6f5a64a9
                                                                                  0x6f5a64aa
                                                                                  0x6f5a64ab
                                                                                  0x6f5a64ac
                                                                                  0x6f5a64ad
                                                                                  0x6f5a64af
                                                                                  0x6f5a64b5
                                                                                  0x6f5a64bb
                                                                                  0x6f5a64c0
                                                                                  0x6f5a64c6
                                                                                  0x6f5a64c8
                                                                                  0x6f5a64c8
                                                                                  0x6f5a6499
                                                                                  0x6f5a64d4
                                                                                  0x6f5a64da
                                                                                  0x6f5a64da
                                                                                  0x6f5a64df
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlInitUnicodeString.BCCB(?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000,?), ref: 6F5A63E8
                                                                                  • ZwOpenFile.BCCB(?,80100000,00000018,?,00000001,00000000,?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000,?), ref: 6F5A643E
                                                                                    • Part of subcall function 6F5A60A2: ZwQueryInformationFile.BCCB(?,00000001,?,00000018,00000005,00000000,?,00000001,00000000,?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000), ref: 6F5A60C4
                                                                                  • ZwCreateSection.BCCB(?,000F0005,00000000,00000000,00000002,08000000,?,?,80100000,00000018,?,00000001,00000000,?,?,.nlp), ref: 6F5A6490
                                                                                    • Part of subcall function 6F5399A0: LdrInitializeThunk.NTDLL(6F581A59,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6F5399AA
                                                                                  • ZwMapViewOfSection.BCCB(?,000000FF,00000000,00000000,00000000,00000000,?,00000001,00000000,00000002,?,000F0005,00000000,00000000,00000002,08000000), ref: 6F5A64BB
                                                                                    • Part of subcall function 6F539780: LdrInitializeThunk.NTDLL(6F581A79,?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?,?,00000004), ref: 6F53978A
                                                                                  • ZwClose.BCCB(?,?,000000FF,00000000,00000000,00000000,00000000,?,00000001,00000000,00000002,?,000F0005,00000000,00000000,00000002), ref: 6F5A64C8
                                                                                  • ZwClose.BCCB(?,?,80100000,00000018,?,00000001,00000000,?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000,?), ref: 6F5A64DA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CloseFileInitializeSectionThunk$CreateInformationInitOpenQueryStringUnicodeView
                                                                                  • String ID: .nlp$@$\SystemRoot\Globalization\
                                                                                  • API String ID: 4284092774-2934557456
                                                                                  • Opcode ID: ebad25bc8936463192ef05c81ddaafd225a910fdf09ecab1da661cc4879ea62f
                                                                                  • Instruction ID: 56d5a89d7b665d02a8fddea0e5c5a6b09106236f5b810279db04203aae89d17c
                                                                                  • Opcode Fuzzy Hash: ebad25bc8936463192ef05c81ddaafd225a910fdf09ecab1da661cc4879ea62f
                                                                                  • Instruction Fuzzy Hash: EA4144B1D4172C6BDB219A58CCC8FDEB779EB85314F1041F6A908A7280DB759E94CFA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5237EB, Relevance: 15.3, APIs: 10, Instructions: 269memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 86%
                                                                                  			E6F5237EB(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t98;
				intOrPtr _t102;
				char* _t113;
				signed short _t123;
				signed int _t124;
				signed int _t129;
				intOrPtr* _t133;
				intOrPtr* _t134;
				intOrPtr* _t135;
				intOrPtr* _t139;
				intOrPtr* _t141;
				long _t152;
				void* _t153;
				signed int _t154;
				signed int _t155;
				signed int _t157;
				signed int _t160;
				signed short _t163;
				signed short _t164;
				signed int _t173;
				intOrPtr* _t176;
				short _t178;
				intOrPtr _t179;
				intOrPtr* _t181;
				intOrPtr _t182;
				void* _t183;

				_push(0x50);
				_push(0x6f5cff48);
				E6F54D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t183 - 0x44)) = __ecx;
				 *((intOrPtr*)(_t183 - 0x1c)) = 0xc0000001;
				 *((intOrPtr*)(_t183 - 0x24)) = 0;
				 *((intOrPtr*)(__ecx)) = 0;
				 *(_t183 - 0x2c) = __edx & 0x00000001;
				_t98 =  *[fs:0x30];
				RtlImageNtHeader( *(_t98 + 8));
				if(_t98 == 0) {
					_t178 = 0xc000007b;
					L28:
					return E6F54D0D1(_t178);
				}
				 *((intOrPtr*)(_t183 - 0x38)) =  *((intOrPtr*)(_t98 + 0x60));
				_t179 =  *((intOrPtr*)(_t98 + 0x64));
				 *((intOrPtr*)(_t183 - 0x30)) = _t179;
				_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x208));
				if(_t102 != 0) {
					if(_t179 < _t102) {
						 *((intOrPtr*)(_t183 - 0x30)) = _t102;
					}
				}
				_t181 = RtlAllocateHeap( *( *[fs:0x30] + 0x18),  *0x6f5e84c4 + 0x000c0000 | 0x00000008, 0x120);
				 *((intOrPtr*)(_t183 - 0x20)) = _t181;
				 *((intOrPtr*)(_t183 - 4)) = 0;
				 *((intOrPtr*)(_t183 - 0x40)) = 1;
				if(_t181 == 0) {
					L36:
					_t178 = 0xc0000017;
					 *((intOrPtr*)(_t183 - 0x1c)) = 0xc0000017;
					goto L24;
				} else {
					_t152 =  *0x6f5e84c4 + 0xc0000;
					 *(_t183 - 0x48) = _t152;
					_t153 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t152,  *0x6f5e84c0 * 0x24);
					 *((intOrPtr*)(_t183 - 0x24)) = _t153;
					if(_t153 == 0) {
						_t178 = 0xc0000017;
						 *((intOrPtr*)(_t183 - 0x1c)) = 0xc0000017;
						_t181 =  *((intOrPtr*)(_t183 - 0x20));
						L24:
						 *((intOrPtr*)(_t183 - 4)) = 0xfffffffe;
						 *((intOrPtr*)(_t183 - 0x40)) = 0;
						E6F523B5A(_t107, 0, _t178, _t181);
						if(_t178 < 0) {
							goto L28;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t183 - 0x44)))) = _t181;
						if(E6F517D50() != 0) {
							_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							_t178 =  *((intOrPtr*)(_t183 - 0x1c));
							_t181 =  *((intOrPtr*)(_t183 - 0x20));
						} else {
							_t113 = 0x7ffe0386;
						}
						if( *_t113 != 0) {
							L32:
							E6F5C8BB6(_t181);
						}
						goto L28;
					}
					_t154 = 0;
					 *(_t183 - 0x28) = 0;
					_t182 =  *((intOrPtr*)(_t183 - 0x20));
					_t173 =  *0x6f5e84c0;
					while(_t154 < 3) {
						 *((intOrPtr*)(_t182 + 0x10 + _t154 * 4)) = _t173 * _t154 * 0xc +  *((intOrPtr*)(_t183 - 0x24));
						_t154 = _t154 + 1;
						 *(_t183 - 0x28) = _t154;
					}
					_t155 = 0;
					while(1) {
						 *(_t183 - 0x28) = _t155;
						if(_t155 >= _t173 * 3) {
							break;
						}
						_t141 = _t155 * 0xc +  *((intOrPtr*)(_t183 - 0x24));
						 *((intOrPtr*)(_t141 + 8)) = 0;
						 *((intOrPtr*)(_t141 + 4)) = _t141;
						 *_t141 = _t141;
						_t155 = _t155 + 1;
					}
					_t157 =  *0x6f5e84c4 + 0xc0000;
					 *(_t183 - 0x4c) = _t157;
					_t107 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t157 | 0x00000008, _t173 << 2);
					_t181 =  *((intOrPtr*)(_t183 - 0x20));
					 *(_t181 + 0x1c) = _t107;
					if(_t107 == 0) {
						goto L36;
					}
					_t160 =  *0x6f5e84c4 + 0xc0000;
					 *(_t183 - 0x50) = _t160;
					_t107 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t160 | 0x00000008,  *0x6f5e84c0 * 0xc);
					_t181 =  *((intOrPtr*)(_t183 - 0x20));
					 *(_t181 + 0x20) = _t107;
					if(_t107 == 0) {
						goto L36;
					}
					_t123 =  *0x7ffe03c0;
					 *(_t183 - 0x34) = _t123;
					 *(_t183 - 0x54) = _t123;
					 *(_t181 + 0x100) = _t123;
					_t178 = E6F523B7A(_t181);
					 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
					if(_t178 < 0) {
						goto L24;
					}
					 *((intOrPtr*)(_t181 + 0x104)) = 0xfffffffe;
					 *(_t183 - 0x60) = 0;
					 *((intOrPtr*)(_t183 - 0x5c)) = 0;
					_t163 =  *(_t183 - 0x34);
					_t124 = _t163 & 0x0000ffff;
					 *(_t183 - 0x60) = _t124;
					 *(_t181 + 8) = _t124;
					 *((intOrPtr*)(_t181 + 0xc)) = 0;
					 *_t181 = 1;
					if(_t163 < 4) {
						_t164 = 4;
					} else {
						_t164 = _t163 + 1;
					}
					 *(_t183 - 0x34) = _t164;
					_t49 = _t181 + 0x28; // 0x28
					_push(_t164);
					_push(0);
					_push(0x1f0003);
					_t178 = E6F539F70();
					 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
					if(_t178 < 0) {
						goto L24;
					} else {
						 *((intOrPtr*)(_t183 - 4)) = 1;
						 *((intOrPtr*)(_t183 - 0x3c)) = 1;
						_t129 =  *0x7ffe03c0 << 2;
						if(_t129 < 0x200) {
							_t129 = 0x200;
						}
						_t53 = _t181 + 0x24; // 0x24
						_push( *((intOrPtr*)(_t183 - 0x30)));
						_push( *((intOrPtr*)(_t183 - 0x38)));
						_push(_t129);
						_push(_t181);
						_push(0x6f51c740);
						_push(0xffffffff);
						_push( *((intOrPtr*)(_t181 + 0x28)));
						_push(0);
						_push(0xf00ff);
						_t178 = E6F53A160();
						 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
						if(_t178 < 0) {
							L23:
							 *((intOrPtr*)(_t183 - 4)) = 0;
							 *((intOrPtr*)(_t183 - 0x3c)) = 0;
							_t107 = E6F523B48(_t130, 0, _t178, _t181);
							goto L24;
						} else {
							if( *(_t183 - 0x2c) != 0) {
								_push(4);
								_push(_t183 - 0x2c);
								_push(0xd);
								_push( *((intOrPtr*)(_t181 + 0x24)));
								_t178 = E6F53AE70();
								 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
								if(_t178 < 0) {
									goto L23;
								}
								 *((short*)(_t181 + 0xe6)) =  *(_t183 - 0x2c);
							}
							 *((intOrPtr*)(_t181 + 0x2c)) = 0;
							 *((intOrPtr*)(_t181 + 0xe0)) = 0;
							 *((intOrPtr*)(_t181 + 0x110)) = 0;
							 *((short*)(_t181 + 0xe4)) = 0;
							_t63 = _t181 + 0x30; // 0x30
							_t133 = _t63;
							 *((intOrPtr*)(_t133 + 4)) = _t133;
							 *_t133 = _t133;
							_t65 = _t181 + 0x38; // 0x38
							_t134 = _t65;
							 *((intOrPtr*)(_t134 + 4)) = _t134;
							 *_t134 = _t134;
							_t67 = _t181 + 0x114; // 0x114
							_t135 = _t67;
							 *((intOrPtr*)(_t135 + 4)) = _t135;
							 *_t135 = _t135;
							E6F51F194(_t181, _t183 - 0x58, 0);
							_t181 =  *((intOrPtr*)(_t183 - 0x20));
							 *((intOrPtr*)(_t181 + 0xf0)) =  *((intOrPtr*)(_t183 + 4));
							_t73 = _t181 + 0x40; // 0x40
							_t178 = E6F52196E(_t73, _t181);
							 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
							if(_t178 < 0) {
								goto L23;
							}
							_t178 = 0;
							 *((intOrPtr*)(_t183 - 0x1c)) = 0;
							E6F512280(_t130, 0x6f5e86b4);
							 *((intOrPtr*)(_t183 - 4)) = 2;
							_t77 = _t181 + 0xe8; // 0xe8
							_t139 = _t77;
							_t176 =  *0x6f5e53dc; // 0x6f5e53d8
							if( *_t176 != 0x6f5e53d8) {
								_push(3);
								asm("int 0x29");
								goto L32;
							}
							 *_t139 = 0x6f5e53d8;
							 *((intOrPtr*)(_t139 + 4)) = _t176;
							 *_t176 = _t139;
							 *0x6f5e53dc = _t139;
							 *((intOrPtr*)(_t183 - 4)) = 1;
							_t130 = E6F523B3D();
							goto L23;
						}
					}
				}
			}





























                                                                                  0x6f5237eb
                                                                                  0x6f5237ed
                                                                                  0x6f5237f2
                                                                                  0x6f5237f7
                                                                                  0x6f5237fa
                                                                                  0x6f523803
                                                                                  0x6f523806
                                                                                  0x6f52380b
                                                                                  0x6f52380e
                                                                                  0x6f523817
                                                                                  0x6f52381e
                                                                                  0x6f56615c
                                                                                  0x6f523b0c
                                                                                  0x6f523b13
                                                                                  0x6f523b13
                                                                                  0x6f523827
                                                                                  0x6f52382a
                                                                                  0x6f52382d
                                                                                  0x6f523836
                                                                                  0x6f52383e
                                                                                  0x6f566168
                                                                                  0x6f56616e
                                                                                  0x6f56616e
                                                                                  0x6f566168
                                                                                  0x6f523865
                                                                                  0x6f523867
                                                                                  0x6f52386a
                                                                                  0x6f52386d
                                                                                  0x6f523876
                                                                                  0x6f566176
                                                                                  0x6f566176
                                                                                  0x6f56617b
                                                                                  0x00000000
                                                                                  0x6f52387c
                                                                                  0x6f523882
                                                                                  0x6f523888
                                                                                  0x6f5238a2
                                                                                  0x6f5238a4
                                                                                  0x6f5238a9
                                                                                  0x6f566183
                                                                                  0x6f566188
                                                                                  0x6f56618b
                                                                                  0x6f523ad9
                                                                                  0x6f523ad9
                                                                                  0x6f523ae0
                                                                                  0x6f523ae7
                                                                                  0x6f523aee
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f523af3
                                                                                  0x6f523afc
                                                                                  0x6f566288
                                                                                  0x6f56628d
                                                                                  0x6f566290
                                                                                  0x6f523b02
                                                                                  0x6f523b02
                                                                                  0x6f523b02
                                                                                  0x6f523b0a
                                                                                  0x6f523b71
                                                                                  0x6f523b73
                                                                                  0x6f523b73
                                                                                  0x00000000
                                                                                  0x6f523b0a
                                                                                  0x6f5238af
                                                                                  0x6f5238b1
                                                                                  0x6f5238b4
                                                                                  0x6f5238b7
                                                                                  0x6f5238bd
                                                                                  0x6f5238cd
                                                                                  0x6f5238d1
                                                                                  0x6f5238d2
                                                                                  0x6f5238d2
                                                                                  0x6f5238d7
                                                                                  0x6f5238d9
                                                                                  0x6f5238d9
                                                                                  0x6f5238e1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5238e6
                                                                                  0x6f5238e9
                                                                                  0x6f5238ec
                                                                                  0x6f5238ef
                                                                                  0x6f5238f1
                                                                                  0x6f5238f1
                                                                                  0x6f5238fa
                                                                                  0x6f523900
                                                                                  0x6f523916
                                                                                  0x6f52391b
                                                                                  0x6f52391e
                                                                                  0x6f523923
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f52392f
                                                                                  0x6f523935
                                                                                  0x6f52394d
                                                                                  0x6f523952
                                                                                  0x6f523955
                                                                                  0x6f52395a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f523960
                                                                                  0x6f523965
                                                                                  0x6f523968
                                                                                  0x6f52396b
                                                                                  0x6f523978
                                                                                  0x6f52397a
                                                                                  0x6f52397f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f523985
                                                                                  0x6f52398f
                                                                                  0x6f523992
                                                                                  0x6f523995
                                                                                  0x6f523998
                                                                                  0x6f52399b
                                                                                  0x6f52399e
                                                                                  0x6f5239a1
                                                                                  0x6f5239a4
                                                                                  0x6f5239ad
                                                                                  0x6f566195
                                                                                  0x6f5239b3
                                                                                  0x6f5239b3
                                                                                  0x6f5239b3
                                                                                  0x6f5239b4
                                                                                  0x6f5239b7
                                                                                  0x6f5239ba
                                                                                  0x6f5239bb
                                                                                  0x6f5239bc
                                                                                  0x6f5239c7
                                                                                  0x6f5239c9
                                                                                  0x6f5239ce
                                                                                  0x00000000
                                                                                  0x6f5239d4
                                                                                  0x6f5239d7
                                                                                  0x6f5239da
                                                                                  0x6f5239e2
                                                                                  0x6f5239ec
                                                                                  0x6f5239ee
                                                                                  0x6f5239ee
                                                                                  0x6f5239f0
                                                                                  0x6f5239f3
                                                                                  0x6f5239f6
                                                                                  0x6f5239f9
                                                                                  0x6f5239fa
                                                                                  0x6f5239fb
                                                                                  0x6f523a00
                                                                                  0x6f523a02
                                                                                  0x6f523a05
                                                                                  0x6f523a06
                                                                                  0x6f523a11
                                                                                  0x6f523a13
                                                                                  0x6f523a18
                                                                                  0x6f523aca
                                                                                  0x6f523aca
                                                                                  0x6f523acd
                                                                                  0x6f523ad4
                                                                                  0x00000000
                                                                                  0x6f523a1e
                                                                                  0x6f523a22
                                                                                  0x6f523b14
                                                                                  0x6f523b19
                                                                                  0x6f523b1a
                                                                                  0x6f523b1c
                                                                                  0x6f523b24
                                                                                  0x6f523b26
                                                                                  0x6f523b2b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f523b31
                                                                                  0x6f523b31
                                                                                  0x6f523a28
                                                                                  0x6f523a2b
                                                                                  0x6f523a31
                                                                                  0x6f523a37
                                                                                  0x6f523a3e
                                                                                  0x6f523a3e
                                                                                  0x6f523a41
                                                                                  0x6f523a44
                                                                                  0x6f523a46
                                                                                  0x6f523a46
                                                                                  0x6f523a49
                                                                                  0x6f523a4c
                                                                                  0x6f523a4e
                                                                                  0x6f523a4e
                                                                                  0x6f523a54
                                                                                  0x6f523a57
                                                                                  0x6f523a5f
                                                                                  0x6f523a67
                                                                                  0x6f523a6a
                                                                                  0x6f523a70
                                                                                  0x6f523a7a
                                                                                  0x6f523a7c
                                                                                  0x6f523a81
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f523a83
                                                                                  0x6f523a85
                                                                                  0x6f523a8d
                                                                                  0x6f523a92
                                                                                  0x6f523a99
                                                                                  0x6f523a99
                                                                                  0x6f523a9f
                                                                                  0x6f523aac
                                                                                  0x6f523b6c
                                                                                  0x6f523b6f
                                                                                  0x00000000
                                                                                  0x6f523b6f
                                                                                  0x6f523ab2
                                                                                  0x6f523ab4
                                                                                  0x6f523ab7
                                                                                  0x6f523ab9
                                                                                  0x6f523abe
                                                                                  0x6f523ac5
                                                                                  0x00000000
                                                                                  0x6f523ac5
                                                                                  0x6f523a18
                                                                                  0x6f5239ce

                                                                                  APIs
                                                                                  • RtlImageNtHeader.BCCB(?,6F5CFF48,00000050,6F523E98,?,6F51F900,00000000,00000000,?,?,?,6F5CFEB8,0000001C,6F4F2C4C,?), ref: 6F523817
                                                                                    • Part of subcall function 6F50B060: RtlImageNtHeaderEx.BCCB(00000001,?,00000000,00000000,?,?,?,6F52381C,?,6F5CFF48,00000050,6F523E98,?,6F51F900,00000000,00000000), ref: 6F50B076
                                                                                  • RtlAllocateHeap.BCCB(?,?,00000120,?,6F5CFF48,00000050,6F523E98,?,6F51F900,00000000,00000000,?,?,?,6F5CFEB8,0000001C), ref: 6F523860
                                                                                  • RtlAllocateHeap.BCCB(?,?,00000000,?,?,00000120,?,6F5CFF48,00000050,6F523E98,?,6F51F900,00000000,00000000), ref: 6F52389D
                                                                                  • RtlAllocateHeap.BCCB(?,?,?,?,?,00000000,?,?,00000120,?,6F5CFF48,00000050,6F523E98,?,6F51F900,00000000), ref: 6F523916
                                                                                  • RtlAllocateHeap.BCCB(?,?,00000000,?,?,?,?,?,00000000,?,?,00000120,?,6F5CFF48,00000050,6F523E98), ref: 6F52394D
                                                                                  • ZwCreateIoCompletion.BCCB(00000028,001F0003,00000000,?), ref: 6F5239C2
                                                                                  • ZwCreateWorkerFactory.BCCB(00000024,000F00FF,00000000,?,000000FF,6F51C740,00000000,7FFE03C0,?,?,00000028,001F0003,00000000,?), ref: 6F523A0C
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E86B4,00000000,00000024,000F00FF,00000000,?,000000FF,6F51C740,00000000,7FFE03C0,?,?,00000028,001F0003,00000000,?), ref: 6F523A8D
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,?,00000000,?,?,?,?,?,00000000,?,?,00000120,?,6F5CFF48,00000050,6F523E98), ref: 6F523AF5
                                                                                  • ZwSetInformationWorkerFactory.BCCB(?,0000000D,00000000,00000004,00000024,000F00FF,00000000,?,000000FF,6F51C740,00000000,7FFE03C0,?,?,00000028,001F0003), ref: 6F523B1F
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap$CreateFactoryHeaderImageWorker$AcquireCompletionCurrentExclusiveInformationLockServiceSession
                                                                                  • String ID:
                                                                                  • API String ID: 358453882-0
                                                                                  • Opcode ID: 3b54bb2f95eefc5f5df2901f3caa998890eb4ce43e898065075b52db3cbb926d
                                                                                  • Instruction ID: 8f76c1bafd712520927b834fe6db7b9561e0ae31fe3e4af9a7c85e8d5c1beb46
                                                                                  • Opcode Fuzzy Hash: 3b54bb2f95eefc5f5df2901f3caa998890eb4ce43e898065075b52db3cbb926d
                                                                                  • Instruction Fuzzy Hash: A1B135B19047089FCB15CFA9CA41A9EBBF5FB89314F15467EE41AAB3A0D734AD01CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F5210, Relevance: 15.1, APIs: 10, Instructions: 107memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 85%
                                                                                  			E6F4F5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				void* _t35;
				int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E6F4F52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *(_t31 + 0x28);
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *(_t61 + 0x10);
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E6F5395D0();
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t61);
						}
					} else {
						E6F50EB70(_t54, 0x6f5e79a0);
					}
					return _t52 + 2;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E6F5395D0();
								RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t61);
							}
						} else {
							E6F50EB70(_t54, 0x6f5e79a0);
						}
						return _t52;
					}
					L5:
					_t33 = memcpy(_a8, _t54, _t52);
					if(_t61 == 0) {
						E6F50EB70(_t54, 0x6f5e79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E6F5395D0();
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t35 + _t52)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                                  0x6f4f5220
                                                                                  0x6f4f5224
                                                                                  0x6f550d13
                                                                                  0x6f550d16
                                                                                  0x6f550d19
                                                                                  0x6f4f522a
                                                                                  0x6f4f522a
                                                                                  0x6f4f522d
                                                                                  0x6f4f522d
                                                                                  0x6f4f5231
                                                                                  0x6f4f5235
                                                                                  0x6f4f5239
                                                                                  0x6f550d5c
                                                                                  0x6f550d62
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f550d6a
                                                                                  0x6f550d7b
                                                                                  0x6f550d7f
                                                                                  0x6f550d81
                                                                                  0x6f550d84
                                                                                  0x6f550d95
                                                                                  0x6f550d95
                                                                                  0x6f550d6c
                                                                                  0x6f550d71
                                                                                  0x6f550d71
                                                                                  0x00000000
                                                                                  0x6f4f524a
                                                                                  0x6f4f524a
                                                                                  0x6f4f5250
                                                                                  0x6f550d24
                                                                                  0x6f550d35
                                                                                  0x6f550d39
                                                                                  0x6f550d3b
                                                                                  0x6f550d3e
                                                                                  0x6f550d50
                                                                                  0x6f550d50
                                                                                  0x6f550d26
                                                                                  0x6f550d2b
                                                                                  0x6f550d2b
                                                                                  0x00000000
                                                                                  0x6f550d55
                                                                                  0x6f4f5256
                                                                                  0x6f4f525b
                                                                                  0x6f4f5265
                                                                                  0x6f550da7
                                                                                  0x6f4f526b
                                                                                  0x6f4f526e
                                                                                  0x6f4f5272
                                                                                  0x6f550db1
                                                                                  0x6f550db4
                                                                                  0x6f550dc5
                                                                                  0x6f550dc5
                                                                                  0x6f4f5272
                                                                                  0x6f4f5278
                                                                                  0x6f4f527e
                                                                                  0x6f4f528a
                                                                                  0x6f4f528c
                                                                                  0x6f4f528d
                                                                                  0x00000000
                                                                                  0x6f4f5280
                                                                                  0x6f4f5282
                                                                                  0x6f4f5288
                                                                                  0x6f4f529f
                                                                                  0x6f4f5292
                                                                                  0x00000000
                                                                                  0x6f4f5292
                                                                                  0x00000000
                                                                                  0x6f4f5288
                                                                                  0x6f4f527e

                                                                                  APIs
                                                                                    • Part of subcall function 6F4F52A5: RtlEnterCriticalSection.BCCB(6F5E79A0,?,?,00000000,?,?,?,6F4F51B4,?,?,?), ref: 6F4F52BF
                                                                                    • Part of subcall function 6F4F52A5: RtlLeaveCriticalSection.BCCB(6F5E79A0,6F5E79A0,?,?,00000000,?,?,?,6F4F51B4,?,?,?), ref: 6F4F52DD
                                                                                  • memcpy.BCCB(?,?), ref: 6F4F525B
                                                                                  • RtlLeaveCriticalSection.BCCB(6F5E79A0), ref: 6F550D2B
                                                                                  • RtlLeaveCriticalSection.BCCB(6F5E79A0), ref: 6F550D71
                                                                                  • ZwClose.BCCB(?), ref: 6F550D84
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?), ref: 6F550D95
                                                                                  • RtlLeaveCriticalSection.BCCB(6F5E79A0), ref: 6F550DA7
                                                                                  • ZwClose.BCCB(?), ref: 6F550DB4
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?), ref: 6F550DC5
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$Leave$CloseFreeHeap$Entermemcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3163955863-0
                                                                                  • Opcode ID: 5f05478b5cb1d07523c72b310ffb43d7a8ce5bc8648096d42fd2dce238e67d61
                                                                                  • Instruction ID: 2ec444ebcfbfc31c3dd42a59cd5d204bd4e86266ef5d01dbba37d0fdeedb05d2
                                                                                  • Opcode Fuzzy Hash: 5f05478b5cb1d07523c72b310ffb43d7a8ce5bc8648096d42fd2dce238e67d61
                                                                                  • Instruction Fuzzy Hash: 7231F532542A12DBC7219B2CDD40F567765BF81768F11873BE8698B9D0EB24FC12CA90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5A3D40, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 98memorytimeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 54%
                                                                                  			E6F5A3D40(intOrPtr __ecx, void** __edx) {
				signed int _v8;
				void** _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _v24;
				void* _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t34;
				void* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				void** _t55;
				void _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				void** _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x6f5ed360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E6F512280(_t34, 0x6f5e8a6c);
				_t64 =  *0x6f5e5768; // 0x6f5e5768
				if(_t64 != 0x6f5e5768) {
					while(1) {
						_t8 = _t64 + 8; // 0x6f5e5770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E6F50FFB0(_t53, _t64, 0x6f5e8a6c);
						_t10 = _t64 + 0xc; // 0x6f4ee2b8
						 *0x6f5eb1e0(_v24, _t67);
						if( *((intOrPtr*)( *_t10))() != 0) {
							_v37 = 1;
						}
						E6F512280(_t45, 0x6f5e8a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t15 = _t53 + 4; // 0x6f5e5768
							_t48 =  *_t15;
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x6f5e5768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E6F50FFB0(_t51, _t64, 0x6f5e8a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E6F53B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

































                                                                                  0x6f5a3d40
                                                                                  0x6f5a3d48
                                                                                  0x6f5a3d52
                                                                                  0x6f5a3d59
                                                                                  0x6f5a3d5d
                                                                                  0x6f5a3d61
                                                                                  0x6f5a3d63
                                                                                  0x6f5a3d67
                                                                                  0x6f5a3d69
                                                                                  0x6f5a3d72
                                                                                  0x6f5a3d76
                                                                                  0x6f5a3d7a
                                                                                  0x6f5a3d7f
                                                                                  0x6f5a3d8b
                                                                                  0x6f5a3d91
                                                                                  0x6f5a3d91
                                                                                  0x6f5a3d91
                                                                                  0x6f5a3d94
                                                                                  0x6f5a3d96
                                                                                  0x6f5a3d9d
                                                                                  0x6f5a3da1
                                                                                  0x6f5a3da7
                                                                                  0x6f5a3db0
                                                                                  0x6f5a3dba
                                                                                  0x6f5a3dbc
                                                                                  0x6f5a3dbc
                                                                                  0x6f5a3dc6
                                                                                  0x6f5a3dcb
                                                                                  0x6f5a3dcf
                                                                                  0x6f5a3dd1
                                                                                  0x6f5a3dd4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5a3dd9
                                                                                  0x6f5a3e0c
                                                                                  0x6f5a3e0c
                                                                                  0x6f5a3e0f
                                                                                  0x6f5a3ddb
                                                                                  0x6f5a3ddb
                                                                                  0x6f5a3ddb
                                                                                  0x6f5a3de0
                                                                                  0x00000000
                                                                                  0x6f5a3de2
                                                                                  0x6f5a3de2
                                                                                  0x6f5a3de4
                                                                                  0x6f5a3de8
                                                                                  0x6f5a3deb
                                                                                  0x6f5a3df1
                                                                                  0x00000000
                                                                                  0x6f5a3df3
                                                                                  0x6f5a3df3
                                                                                  0x6f5a3df5
                                                                                  0x6f5a3df8
                                                                                  0x6f5a3dfa
                                                                                  0x00000000
                                                                                  0x6f5a3dfa
                                                                                  0x6f5a3df1
                                                                                  0x6f5a3de0
                                                                                  0x6f5a3e11
                                                                                  0x6f5a3e11
                                                                                  0x00000000
                                                                                  0x6f5a3dfe
                                                                                  0x6f5a3e04
                                                                                  0x6f5a3e06
                                                                                  0x00000000
                                                                                  0x6f5a3e06
                                                                                  0x00000000
                                                                                  0x6f5a3e04
                                                                                  0x6f5a3d91
                                                                                  0x6f5a3e15
                                                                                  0x6f5a3e1a
                                                                                  0x6f5a3e1f
                                                                                  0x6f5a3e1f
                                                                                  0x6f5a3e23
                                                                                  0x6f5a3e29
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5a3e2e
                                                                                  0x00000000
                                                                                  0x6f5a3e30
                                                                                  0x6f5a3e30
                                                                                  0x6f5a3e35
                                                                                  0x00000000
                                                                                  0x6f5a3e37
                                                                                  0x6f5a3e3e
                                                                                  0x6f5a3e42
                                                                                  0x6f5a3e48
                                                                                  0x6f5a3e4e
                                                                                  0x00000000
                                                                                  0x6f5a3e4e
                                                                                  0x6f5a3e35
                                                                                  0x00000000
                                                                                  0x6f5a3e2e
                                                                                  0x6f5a3e5b
                                                                                  0x6f5a3e5c
                                                                                  0x6f5a3e5d
                                                                                  0x6f5a3e68
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E8A6C,?,00000000,00000000,?,?,?,?,?,?,6F5A3CAA,00000000,00008000,?), ref: 6F5A3D7A
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E8A6C,6F5E8A6C,?,00000000,00000000,?,?,?,?,?,?,6F5A3CAA,00000000,00008000,?), ref: 6F5A3DA1
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,6F5E8A6C,6F5E8A6C,?,00000000,00000000,?,?,?,?,?,?,6F5A3CAA,00000000,00008000), ref: 6F5A3DB0
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E8A6C,?,?,?,?,?,?,6F5A3CAA,00000000,00008000,?), ref: 6F5A3DC6
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E8A6C,6F5E8A6C,?,00000000,00000000,?,?,?,?,?,?,6F5A3CAA,00000000,00008000,?), ref: 6F5A3E1A
                                                                                  • RtlFreeHeap.BCCB(?,00000000,6F5E8A6C,6F5E8A6C,6F5E8A6C,6F5E8A6C,?,00000000,00000000,?,?,?,?,?,?,6F5A3CAA), ref: 6F5A3E4E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireRelease$DebugFreeHeapPrintTimes
                                                                                  • String ID: hW^o$hW^o
                                                                                  • API String ID: 1017367878-2383184038
                                                                                  • Opcode ID: 5c30dbc330c18f1e5c4dadca4e820f555e294c4ecdf28e99bb5945eaa940b9a3
                                                                                  • Instruction ID: 4f3ff57af28f4f6adc07041e02d5d31004da0c317998f79f4f02dbcb9178aa77
                                                                                  • Opcode Fuzzy Hash: 5c30dbc330c18f1e5c4dadca4e820f555e294c4ecdf28e99bb5945eaa940b9a3
                                                                                  • Instruction Fuzzy Hash: 01315971509302DFC704DF28C58195ABBE1FF86319F05497EE4A49B690D732ED29CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F514120, Relevance: 13.9, APIs: 9, Instructions: 444memoryCOMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 91%
                                                                                  			E6F514120(signed char __ecx, intOrPtr* __edx, signed short* _a4, signed short* _a8, intOrPtr _a12, long* _a16, intOrPtr _a20) {
				signed int _v8;
				signed int _v16;
				signed int _v24;
				char _v532;
				char _v540;
				intOrPtr _v544;
				signed int _v548;
				void* _v552;
				long _v556;
				intOrPtr _v560;
				void* _v564;
				signed char _v568;
				void* _v570;
				long* _v572;
				long _v576;
				signed short* _v580;
				char _v581;
				signed short _v584;
				signed int _v588;
				unsigned int _v596;
				void* _v597;
				void* _v604;
				void* _v605;
				void* _v608;
				void* _v612;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t161;
				signed int _t162;
				char _t163;
				void* _t169;
				void* _t173;
				signed short _t177;
				void* _t181;
				unsigned int _t182;
				struct _EXCEPTION_RECORD _t184;
				signed int _t185;
				signed int _t213;
				void* _t221;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				void* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				long* _t260;
				long _t265;
				signed short* _t269;
				signed short _t271;
				signed char _t272;
				signed short* _t275;
				short* _t282;
				signed short _t283;
				void* _t287;
				signed short _t290;
				short* _t300;
				signed short _t308;
				int _t309;
				int _t311;
				signed short _t312;
				intOrPtr* _t316;
				long _t317;
				void* _t318;
				void* _t320;
				signed short* _t322;
				void* _t323;
				void* _t324;
				void* _t325;
				signed int _t326;
				void* _t327;
				signed int _t328;
				signed int _t330;

				_t330 = (_t328 & 0xfffffff8) - 0x24c;
				_v8 =  *0x6f5ed360 ^ _t330;
				_t157 = _a8;
				_t322 = _a4;
				_t316 = __edx;
				_v548 = __ecx;
				_t306 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *((short*)(__edx)) <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t316;
						_v552 =  *((intOrPtr*)(_t316 + 4));
						_t161 = E6F52F232( &_v556);
						_t317 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t307 = 0x208;
						_t317 = E6F516E30(_t316, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t317 == 0) {
							L68:
							_t323 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t317 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 0, _t317);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_v596 = _t317;
											_t307 = _t317;
											_t317 = E6F516E30(_v572, _t317, _t254, _v580, _t330 + 0x1b,  &_v548);
											if(_t317 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t317;
									 *((short*)(_t330 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t317 < 2) {
										L11:
										if(_t317 < 4 ||  *_t254 == 0 ||  *(_t254 + 2) != 0x3a) {
											_t161 = 5;
										} else {
											if(_t317 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 =  *(_t254 + 4) & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t317 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 =  *(_t254 + 2) & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t317 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 =  *(_t254 + 4) & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t317 < 8) {
																L85:
																_t161 = ((0 | _t317 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 =  *(_t254 + 6) & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M6F5145F8))) {
												case 0:
													_v568 = 0x6f4d1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x6f4d11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t307 =  *_v568 & 0x0000ffff;
									_t265 = _t307 - _v564 + 2 + (_t317 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t323 = 0xc0000106;
									} else {
										if(_t322 != 0) {
											if(_t265 > (_t322[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t323 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t307;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t322) {
												_t323 = 0xc000000d;
											} else {
												L23:
												_t173 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 0, _t265);
												_t269 = _v588;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t323 = 0xc0000017;
												} else {
													_t317 = _v564;
													 *_t269 = 0;
													_t322 = _t269;
													_t269[1] = _v584;
													_t177 =  *_v576 & 0x0000ffff;
													L25:
													_v588 = _t177;
													if(_t177 == 0) {
														L29:
														_t308 =  *_t322 & 0x0000ffff;
													} else {
														_t290 =  *_t322 & 0x0000ffff;
														_v584 = _t290;
														_t311 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + _t311 > (_t322[1] & 0x0000ffff)) {
															_t308 =  *_t322 & 0xffff;
														} else {
															_t221 = _t322[2] + ((_v584 & 0x0000ffff) >> 1) * 2;
															_v584 = _t221;
															memmove(_t221,  *(_v576 + 4), _t311);
															_t330 = _t330 + 0xc;
															_t312 = _v588;
															_t225 =  *_t322 + _t312 & 0x0000ffff;
															 *_t322 = _t225;
															if(_t225 + 1 < (_t322[1] & 0x0000ffff)) {
																 *((short*)(_v584 + ((_t312 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v564 - _v596 + _v596;
													_v588 = _t308;
													_v584 = _t271;
													if(_t271 != 0) {
														_t309 = _t271 & 0x0000ffff;
														_v596 = _t309;
														if(_t309 + (_t308 & 0x0000ffff) <= (_t322[1] & 0x0000ffff)) {
															_t287 = _t322[2] + ((_v588 & 0x0000ffff) >> 1) * 2;
															_v588 = _t287;
															memmove(_t287, _v560 + _v572, _t309);
															_t330 = _t330 + 0xc;
															_t213 =  *_t322 + _v584 & 0x0000ffff;
															 *_t322 = _t213;
															if(_t213 + 1 < (_t322[1] & 0x0000ffff)) {
																 *((short*)(_v588 + (_v596 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v568;
													if(_t272 != 0) {
														 *_t272 = _t322;
													}
													_t307 = 0;
													 *((short*)(_t322[2] + (( *_t322 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v580;
													if(_t275 != 0) {
														_t307 =  *_t275;
														if(_t307 != 0) {
															 *_t275 = ( *_v576 & 0x0000ffff) - _v572 - _t254 + _t307 + _t322[2];
														}
													}
													_t181 = _v552;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v548 == 5) {
															_t182 = E6F4F52A5(1);
															_v596 = _t182;
															if(_t182 == 0) {
																E6F50EB70(1, 0x6f5e79a0);
																goto L38;
															} else {
																_t184 = _t182 + 0xc;
																_v568 = _t184;
																_t185 = RtlPrefixUnicodeString(_t184,  &_v564, 1);
																if(_t185 == 0) {
																	_t325 = _v608;
																	goto L97;
																} else {
																	_t307 = _v564;
																	_t282 = ( *_v580 & 0x0000ffff) - _v584 + ( *_v588 & 0x0000ffff) + _t322[2];
																	 *((intOrPtr*)(_t307 + 4)) = _t282;
																	_v596 = _t282;
																	_t326 = _t317 -  *_v580 & 0x0000ffff;
																	 *_t307 = _t326;
																	if( *_t282 == 0x5c) {
																		_t149 = _t326 - 2; // -2
																		_t283 = _t149;
																		 *_t307 = _t283;
																		 *((intOrPtr*)(_t307 + 4)) = _v596 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t325 = _v608;
																	 *(_t307 + 2) = _t185;
																	if((_v568 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t325 + 4)));
																			E6F5395D0();
																			RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t325);
																		}
																	} else {
																		 *(_t307 + 0xc) = _t325;
																		 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t325 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t323 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t254);
									}
									_t169 = _t323;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t318);
					_pop(_t324);
					_pop(_t255);
					return E6F53B640(_t169, _t255, _v16 ^ _t330, _t307, _t318, _t324);
				} else {
					_t300 =  *((intOrPtr*)(__edx + 4));
					if( *_t300 == 0x5c) {
						_t256 =  *(_t300 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t300 + 4)) != 0x3f ||  *((short*)(_t300 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E6F533D43(_t316, _t322, _t157, _v560, _v572, _t306);
								_pop(_t320);
								_pop(_t327);
								_pop(_t257);
								return E6F53B640(_t251, _t257, _v24 ^ _t330, _t322, _t320, _t327);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}



















































































                                                                                  0x6f514128
                                                                                  0x6f514135
                                                                                  0x6f51413c
                                                                                  0x6f514141
                                                                                  0x6f514145
                                                                                  0x6f514147
                                                                                  0x6f51414e
                                                                                  0x6f514151
                                                                                  0x6f514159
                                                                                  0x6f51415c
                                                                                  0x6f514160
                                                                                  0x6f514164
                                                                                  0x6f514168
                                                                                  0x6f51416c
                                                                                  0x6f51417f
                                                                                  0x6f514181
                                                                                  0x6f51446a
                                                                                  0x6f51446a
                                                                                  0x6f51418c
                                                                                  0x6f514195
                                                                                  0x6f514199
                                                                                  0x6f514432
                                                                                  0x6f514439
                                                                                  0x6f51443d
                                                                                  0x6f514442
                                                                                  0x6f514447
                                                                                  0x00000000
                                                                                  0x6f51419f
                                                                                  0x6f5141a3
                                                                                  0x6f5141b9
                                                                                  0x6f5141bd
                                                                                  0x6f5145db
                                                                                  0x6f5145db
                                                                                  0x00000000
                                                                                  0x6f5141c3
                                                                                  0x6f5141c3
                                                                                  0x6f5141ce
                                                                                  0x6f5141d4
                                                                                  0x6f55e138
                                                                                  0x6f55e13e
                                                                                  0x6f55e169
                                                                                  0x6f55e16d
                                                                                  0x6f55e19e
                                                                                  0x6f55e16f
                                                                                  0x6f55e175
                                                                                  0x6f55e179
                                                                                  0x6f55e18f
                                                                                  0x6f55e193
                                                                                  0x00000000
                                                                                  0x6f55e199
                                                                                  0x00000000
                                                                                  0x6f55e199
                                                                                  0x6f55e193
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5141da
                                                                                  0x6f5141da
                                                                                  0x6f5141df
                                                                                  0x6f5141e4
                                                                                  0x6f5141ec
                                                                                  0x6f514203
                                                                                  0x6f514207
                                                                                  0x6f55e1fd
                                                                                  0x6f514222
                                                                                  0x6f514226
                                                                                  0x6f55e1f3
                                                                                  0x6f55e1f3
                                                                                  0x6f51422c
                                                                                  0x6f51422c
                                                                                  0x6f514233
                                                                                  0x6f55e1ed
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f514239
                                                                                  0x6f514239
                                                                                  0x6f514239
                                                                                  0x6f514239
                                                                                  0x6f514233
                                                                                  0x6f514226
                                                                                  0x6f5141ee
                                                                                  0x6f5141ee
                                                                                  0x6f5141f4
                                                                                  0x6f514575
                                                                                  0x6f55e1b1
                                                                                  0x6f55e1b1
                                                                                  0x00000000
                                                                                  0x6f51457b
                                                                                  0x6f51457b
                                                                                  0x6f514582
                                                                                  0x6f55e1ab
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f514588
                                                                                  0x6f514588
                                                                                  0x6f51458c
                                                                                  0x6f55e1c4
                                                                                  0x6f55e1c4
                                                                                  0x00000000
                                                                                  0x6f514592
                                                                                  0x6f514592
                                                                                  0x6f514599
                                                                                  0x6f55e1be
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f51459f
                                                                                  0x6f51459f
                                                                                  0x6f5145a3
                                                                                  0x6f55e1d7
                                                                                  0x6f55e1e4
                                                                                  0x00000000
                                                                                  0x6f5145a9
                                                                                  0x6f5145a9
                                                                                  0x6f5145b0
                                                                                  0x6f55e1d1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5145b6
                                                                                  0x6f5145b6
                                                                                  0x6f5145b6
                                                                                  0x00000000
                                                                                  0x6f5145b6
                                                                                  0x6f5145b0
                                                                                  0x6f5145a3
                                                                                  0x6f514599
                                                                                  0x6f51458c
                                                                                  0x6f514582
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5141f4
                                                                                  0x6f51423e
                                                                                  0x6f514241
                                                                                  0x6f5145c0
                                                                                  0x6f5145c4
                                                                                  0x00000000
                                                                                  0x6f5145ca
                                                                                  0x6f5145ca
                                                                                  0x00000000
                                                                                  0x6f55e207
                                                                                  0x6f55e20f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5145d1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5145ca
                                                                                  0x00000000
                                                                                  0x6f514247
                                                                                  0x6f514247
                                                                                  0x6f514247
                                                                                  0x6f514249
                                                                                  0x6f514249
                                                                                  0x6f514249
                                                                                  0x6f514251
                                                                                  0x6f514251
                                                                                  0x6f514257
                                                                                  0x6f51425f
                                                                                  0x6f51426e
                                                                                  0x6f514270
                                                                                  0x6f51427a
                                                                                  0x6f55e219
                                                                                  0x6f55e219
                                                                                  0x6f514280
                                                                                  0x6f514282
                                                                                  0x6f514456
                                                                                  0x6f5145ea
                                                                                  0x00000000
                                                                                  0x6f5145f0
                                                                                  0x6f55e223
                                                                                  0x00000000
                                                                                  0x6f55e223
                                                                                  0x6f51445c
                                                                                  0x6f51445c
                                                                                  0x00000000
                                                                                  0x6f51445c
                                                                                  0x00000000
                                                                                  0x6f514288
                                                                                  0x6f51428c
                                                                                  0x6f55e298
                                                                                  0x6f514292
                                                                                  0x6f514292
                                                                                  0x6f51429e
                                                                                  0x6f5142a3
                                                                                  0x6f5142a7
                                                                                  0x6f5142ac
                                                                                  0x6f55e22d
                                                                                  0x6f5142b2
                                                                                  0x6f5142b2
                                                                                  0x6f5142b9
                                                                                  0x6f5142bc
                                                                                  0x6f5142c2
                                                                                  0x6f5142ca
                                                                                  0x6f5142cd
                                                                                  0x6f5142cd
                                                                                  0x6f5142d4
                                                                                  0x6f51433f
                                                                                  0x6f51433f
                                                                                  0x6f5142d6
                                                                                  0x6f5142d6
                                                                                  0x6f5142d9
                                                                                  0x6f5142dd
                                                                                  0x6f5142eb
                                                                                  0x6f55e23a
                                                                                  0x6f5142f1
                                                                                  0x6f5142fe
                                                                                  0x6f514305
                                                                                  0x6f51430d
                                                                                  0x6f514315
                                                                                  0x6f514318
                                                                                  0x6f51431f
                                                                                  0x6f514322
                                                                                  0x6f51432e
                                                                                  0x6f51433b
                                                                                  0x6f51433b
                                                                                  0x00000000
                                                                                  0x6f51432e
                                                                                  0x6f5142eb
                                                                                  0x6f51434c
                                                                                  0x6f51434e
                                                                                  0x6f514352
                                                                                  0x6f514359
                                                                                  0x6f51435e
                                                                                  0x6f514361
                                                                                  0x6f51436e
                                                                                  0x6f51437d
                                                                                  0x6f51438a
                                                                                  0x6f51438e
                                                                                  0x6f514396
                                                                                  0x6f51439e
                                                                                  0x6f5143a1
                                                                                  0x6f5143ad
                                                                                  0x6f5143bb
                                                                                  0x6f5143bb
                                                                                  0x6f5143ad
                                                                                  0x6f51436e
                                                                                  0x6f5143bf
                                                                                  0x6f5143c5
                                                                                  0x6f514463
                                                                                  0x6f514463
                                                                                  0x6f5143ce
                                                                                  0x6f5143d5
                                                                                  0x6f5143d9
                                                                                  0x6f5143df
                                                                                  0x6f514475
                                                                                  0x6f514479
                                                                                  0x6f514491
                                                                                  0x6f514491
                                                                                  0x6f514479
                                                                                  0x6f5143e5
                                                                                  0x6f5143eb
                                                                                  0x6f5143f4
                                                                                  0x6f5143f6
                                                                                  0x6f5143f9
                                                                                  0x6f5143fc
                                                                                  0x6f5143ff
                                                                                  0x6f5144e8
                                                                                  0x6f5144ed
                                                                                  0x6f5144f3
                                                                                  0x6f55e247
                                                                                  0x00000000
                                                                                  0x6f5144f9
                                                                                  0x6f5144ff
                                                                                  0x6f514504
                                                                                  0x6f514508
                                                                                  0x6f51450f
                                                                                  0x6f55e269
                                                                                  0x00000000
                                                                                  0x6f514515
                                                                                  0x6f514519
                                                                                  0x6f514531
                                                                                  0x6f514534
                                                                                  0x6f514537
                                                                                  0x6f51453e
                                                                                  0x6f514541
                                                                                  0x6f51454a
                                                                                  0x6f55e255
                                                                                  0x6f55e255
                                                                                  0x6f55e25b
                                                                                  0x6f55e25e
                                                                                  0x6f55e261
                                                                                  0x6f55e261
                                                                                  0x6f514555
                                                                                  0x6f514559
                                                                                  0x6f51455d
                                                                                  0x6f55e26d
                                                                                  0x6f55e270
                                                                                  0x6f55e274
                                                                                  0x6f55e27a
                                                                                  0x6f55e27d
                                                                                  0x6f55e28e
                                                                                  0x6f55e28e
                                                                                  0x6f514563
                                                                                  0x6f514563
                                                                                  0x6f514569
                                                                                  0x6f514569
                                                                                  0x00000000
                                                                                  0x6f51455d
                                                                                  0x6f51450f
                                                                                  0x00000000
                                                                                  0x6f5144f3
                                                                                  0x6f5143ff
                                                                                  0x6f514405
                                                                                  0x6f514405
                                                                                  0x6f514405
                                                                                  0x6f5142ac
                                                                                  0x6f51428c
                                                                                  0x6f514282
                                                                                  0x6f514407
                                                                                  0x6f51440d
                                                                                  0x6f55e2af
                                                                                  0x6f55e2af
                                                                                  0x6f514413
                                                                                  0x6f514413
                                                                                  0x00000000
                                                                                  0x6f5141d4
                                                                                  0x00000000
                                                                                  0x6f5141c3
                                                                                  0x6f5141bd
                                                                                  0x6f514415
                                                                                  0x6f514415
                                                                                  0x6f514416
                                                                                  0x6f514417
                                                                                  0x6f514429
                                                                                  0x6f51416e
                                                                                  0x6f51416e
                                                                                  0x6f514175
                                                                                  0x6f514498
                                                                                  0x6f51449f
                                                                                  0x6f55e12d
                                                                                  0x00000000
                                                                                  0x6f55e133
                                                                                  0x00000000
                                                                                  0x6f55e133
                                                                                  0x6f5144a5
                                                                                  0x6f5144a5
                                                                                  0x6f5144aa
                                                                                  0x00000000
                                                                                  0x6f5144bb
                                                                                  0x6f5144ca
                                                                                  0x6f5144d6
                                                                                  0x6f5144d7
                                                                                  0x6f5144d8
                                                                                  0x6f5144e3
                                                                                  0x6f5144e3
                                                                                  0x6f5144aa
                                                                                  0x6f51417b
                                                                                  0x6f51417b
                                                                                  0x6f51417b
                                                                                  0x00000000
                                                                                  0x6f51417b
                                                                                  0x6f514175
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,?,?,00000000,?,?), ref: 6F51429E
                                                                                  • memmove.BCCB(?,?,?,?,00000000,?,?,00000000,?,?), ref: 6F51430D
                                                                                  • memmove.BCCB(?,?,?,?,00000000,?,?,00000000,?,?), ref: 6F51438E
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memmove$AllocateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 1771830547-0
                                                                                  • Opcode ID: 0ea2142ccdb211f804e7a7f4756d4d2e9fb1f46225a329d3a48a82111713776e
                                                                                  • Instruction ID: 9a73149e67ffe5a2da21ec01b661ef5d862ef28fc70bcad94f995506a97e703f
                                                                                  • Opcode Fuzzy Hash: 0ea2142ccdb211f804e7a7f4756d4d2e9fb1f46225a329d3a48a82111713776e
                                                                                  • Instruction Fuzzy Hash: 22F16A706087118BE714CF69C480A6AB7E1BF8A718F15593EF895CB290E735EC92CB52
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F524D3B, Relevance: 13.6, APIs: 9, Instructions: 131nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 78%
                                                                                  			E6F524D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				void _v176;
				char _v177;
				long _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t42;
				void* _t44;
				long _t46;
				intOrPtr _t50;
				long _t56;
				void* _t57;
				int _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x6f5ed360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				memset( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x6f5e7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E6F53B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t57);
						}
						_v177 = 1;
						_t44 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = RtlNtStatusToDosError(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E6F53B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E6F53F380(_t67 + 0xc, 0x6f4d5138, 0x10) == 0) {
								 *0x6f5e60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E6F524F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				_t56 = E6F524E70(0x6f5e86b0, 0x6f525690, 0, 0);
				if(_t56 != 0) {
					_t46 = RtlNtStatusToDosError(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}





















                                                                                  0x6f524d3b
                                                                                  0x6f524d4d
                                                                                  0x6f524d53
                                                                                  0x6f524d58
                                                                                  0x6f524d65
                                                                                  0x6f524d6c
                                                                                  0x6f524d71
                                                                                  0x6f524d77
                                                                                  0x6f524d7f
                                                                                  0x6f524d8c
                                                                                  0x6f524d8e
                                                                                  0x6f524dad
                                                                                  0x6f524db0
                                                                                  0x6f524db7
                                                                                  0x6f524db8
                                                                                  0x6f524db9
                                                                                  0x6f524dba
                                                                                  0x6f524dbb
                                                                                  0x6f524dc1
                                                                                  0x6f524dc8
                                                                                  0x6f524dcc
                                                                                  0x6f524dd5
                                                                                  0x6f524dde
                                                                                  0x6f524ddf
                                                                                  0x6f524de0
                                                                                  0x6f524de1
                                                                                  0x6f524de6
                                                                                  0x6f524de7
                                                                                  0x6f524de9
                                                                                  0x6f524df3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f566c7c
                                                                                  0x6f566c8a
                                                                                  0x6f566c8a
                                                                                  0x6f566c9d
                                                                                  0x6f566ca7
                                                                                  0x6f566cac
                                                                                  0x6f566cb2
                                                                                  0x6f566cb9
                                                                                  0x00000000
                                                                                  0x6f566cbf
                                                                                  0x6f566cbf
                                                                                  0x00000000
                                                                                  0x6f566cbf
                                                                                  0x6f566cb9
                                                                                  0x6f524dfb
                                                                                  0x6f566ccf
                                                                                  0x6f566cd3
                                                                                  0x6f524e32
                                                                                  0x6f524e39
                                                                                  0x6f566ce0
                                                                                  0x6f566cf2
                                                                                  0x6f566cf2
                                                                                  0x6f566ce0
                                                                                  0x6f524e3f
                                                                                  0x6f524e41
                                                                                  0x6f524e51
                                                                                  0x6f524e51
                                                                                  0x6f524e03
                                                                                  0x6f524e03
                                                                                  0x6f524e09
                                                                                  0x6f524e0f
                                                                                  0x6f524e57
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f524e1b
                                                                                  0x6f524e30
                                                                                  0x6f524e5b
                                                                                  0x6f524e5b
                                                                                  0x00000000
                                                                                  0x6f524e30
                                                                                  0x6f524e11
                                                                                  0x6f524e11
                                                                                  0x6f524e16
                                                                                  0x00000000
                                                                                  0x6f524e16
                                                                                  0x6f524e01
                                                                                  0x00000000
                                                                                  0x6f524e01
                                                                                  0x6f524d9e
                                                                                  0x6f524da5
                                                                                  0x6f566c6b
                                                                                  0x00000000
                                                                                  0x6f524dab
                                                                                  0x6f524dab
                                                                                  0x00000000
                                                                                  0x6f524dab

                                                                                  APIs
                                                                                  • memset.BCCB(?,00000000,000000A0,00000000,00000000,00000024), ref: 6F524D77
                                                                                  • RtlRunOnceExecuteOnce.BCCB(6F5E86B0,6F525690,00000000,00000000,00000000,00000000,00000024), ref: 6F524D9E
                                                                                  • ZwTraceControl.BCCB(0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6F524DE9
                                                                                  • memcmp.BCCB(00000000,6F4D5138,00000010,0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6F524E26
                                                                                  • RtlNtStatusToDosError.BCCB(00000000,6F5E86B0,6F525690,00000000,00000000,00000000,00000000,00000024), ref: 6F566C6B
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Once$ControlErrorExecuteStatusTracememcmpmemset
                                                                                  • String ID:
                                                                                  • API String ID: 1949686928-0
                                                                                  • Opcode ID: b1a83a5051e76f22d27ef4ad19ad525e79db028f2d9c716e66f8c58cb150b968
                                                                                  • Instruction ID: 8ad9a5dbf8525ba4c4ea662dd9295c9193fe072dd817c82c396ade9ef58dbd98
                                                                                  • Opcode Fuzzy Hash: b1a83a5051e76f22d27ef4ad19ad525e79db028f2d9c716e66f8c58cb150b968
                                                                                  • Instruction Fuzzy Hash: 8041B371A447589FEB21CF24C980F96B7E9FB45714F0001BAE9559B2C1DB70ED44CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F524BAD, Relevance: 13.6, APIs: 9, Instructions: 131memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 84%
                                                                                  			E6F524BAD(long __ecx, void* __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				long _v28;
				intOrPtr _v32;
				char _v36;
				void _v156;
				short _v158;
				intOrPtr _v160;
				long _v164;
				long _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				void* _t84;
				void* _t85;
				long _t86;
				int _t87;
				long _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x6f5ed360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E6F4FCC50(_t86);
					L11:
					return E6F53B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0 || _t45 !=  *((intOrPtr*)(_t77 + 0x34))) {
					goto L22;
				} else {
					_t9 = _t77 + 0x24; // 0x6f5e8504
					E6F512280(_t9, _t9);
					_t87 = 0x78;
					 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
					memset( &_v156, 0, _t87);
					_t85 =  &_v156;
					_v36 =  *((intOrPtr*)(_t77 + 0x30));
					_v28 = _v168;
					_v32 = 0;
					_v24 = 0;
					_v20 = _v158;
					_v160 = 0;
					while(1) {
						_push( &_v164);
						_push(_t87);
						_push(_t85);
						_push(0x18);
						_push( &_v36);
						_push(0x1e);
						_t88 = E6F53B0B0();
						if(_t88 != 0xc0000023) {
							break;
						}
						if(_t85 !=  &_v156) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t85);
						}
						_t84 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _v164);
						_v168 = _v164;
						if(_t84 == 0) {
							_t88 = 0xc0000017;
							goto L19;
						} else {
							_t74 = _v160 + 1;
							_v160 = _t74;
							if(_t74 >= 0x10) {
								L19:
								_t86 = RtlNtStatusToDosError(_t88);
								if(_t86 != 0) {
									L8:
									 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
									_t30 = _t77 + 0x24; // 0x6f5e8504
									E6F50FFB0(_t77, _t84, _t30);
									if(_t84 != 0 && _t84 !=  &_v156) {
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t84);
									}
									if(_t86 != 0) {
										goto L12;
									} else {
										goto L11;
									}
								}
								L6:
								 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
								if(_v164 != 0) {
									_t83 = _t84;
									E6F524F49(_t77, _t84);
								}
								goto L8;
							}
							_t87 = _v168;
							continue;
						}
					}
					if(_t88 != 0) {
						goto L19;
					}
					goto L6;
				}
			}


























                                                                                  0x6f524bad
                                                                                  0x6f524bbf
                                                                                  0x6f524bc2
                                                                                  0x6f524bc6
                                                                                  0x6f524bcd
                                                                                  0x6f524bd9
                                                                                  0x6f5667fe
                                                                                  0x6f566800
                                                                                  0x6f524ccc
                                                                                  0x6f524ccd
                                                                                  0x6f524cb7
                                                                                  0x6f524cc9
                                                                                  0x6f524cc9
                                                                                  0x6f524bdf
                                                                                  0x6f524be5
                                                                                  0x00000000
                                                                                  0x6f524bf5
                                                                                  0x6f524bf5
                                                                                  0x6f524bf9
                                                                                  0x6f524c06
                                                                                  0x6f524c0b
                                                                                  0x6f524c17
                                                                                  0x6f524c1f
                                                                                  0x6f524c25
                                                                                  0x6f524c33
                                                                                  0x6f524c3d
                                                                                  0x6f524c40
                                                                                  0x6f524c43
                                                                                  0x6f524c47
                                                                                  0x6f524c4d
                                                                                  0x6f524c53
                                                                                  0x6f524c54
                                                                                  0x6f524c55
                                                                                  0x6f524c56
                                                                                  0x6f524c5b
                                                                                  0x6f524c5c
                                                                                  0x6f524c63
                                                                                  0x6f524c6b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f566776
                                                                                  0x6f566784
                                                                                  0x6f566784
                                                                                  0x6f56679f
                                                                                  0x6f5667a7
                                                                                  0x6f5667af
                                                                                  0x6f5667ce
                                                                                  0x00000000
                                                                                  0x6f5667b1
                                                                                  0x6f5667b7
                                                                                  0x6f5667b8
                                                                                  0x6f5667c1
                                                                                  0x6f5667d3
                                                                                  0x6f5667d9
                                                                                  0x6f5667dd
                                                                                  0x6f524c94
                                                                                  0x6f524c94
                                                                                  0x6f524c98
                                                                                  0x6f524c9c
                                                                                  0x6f524ca3
                                                                                  0x6f5667f4
                                                                                  0x6f5667f4
                                                                                  0x6f524cb5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f524cb5
                                                                                  0x6f524c79
                                                                                  0x6f524c7e
                                                                                  0x6f524c89
                                                                                  0x6f524c8b
                                                                                  0x6f524c8f
                                                                                  0x6f524c8f
                                                                                  0x00000000
                                                                                  0x6f524c89
                                                                                  0x6f5667c3
                                                                                  0x00000000
                                                                                  0x6f5667c3
                                                                                  0x6f5667af
                                                                                  0x6f524c73
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f524c73

                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E8504,6F5E5338,00000000,6F5E5320), ref: 6F524BF9
                                                                                  • memset.BCCB(?,00000000,00000078,6F5E8504,6F5E5338,00000000,6F5E5320), ref: 6F524C17
                                                                                  • ZwTraceControl.BCCB(0000001E,00000000,00000018,?,00000078,?,6F5E5338,00000000,6F5E5320), ref: 6F524C5E
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E8504,C0000017,?,00000008,?,0000001E,00000000,00000018,?,00000078,?,6F5E5338,00000000,6F5E5320), ref: 6F524C9C
                                                                                  • RtlSetLastWin32Error.BCCB(00000000,6F5E8504,C0000017,?,00000008,?,0000001E,00000000,00000018,?,00000078,?,6F5E5338,00000000,6F5E5320), ref: 6F524CCD
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,0000001E,00000000,00000018,?,00000078,?,6F5E5338,00000000,6F5E5320), ref: 6F566784
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,?,0000001E,00000000,00000018,?,00000078,?,6F5E5338,00000000,6F5E5320), ref: 6F56679A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveHeapLock$AcquireAllocateControlErrorFreeLastReleaseTraceWin32memset
                                                                                  • String ID:
                                                                                  • API String ID: 375855687-0
                                                                                  • Opcode ID: 826761f73fa0d314bfdad2ff3c0646e4cd8613cdd21525e033962f6a4501718a
                                                                                  • Instruction ID: b2125b512b8c91e87e087fedf0365c5d62f28e6b4cf6d05e8d064c8e6c81bcea
                                                                                  • Opcode Fuzzy Hash: 826761f73fa0d314bfdad2ff3c0646e4cd8613cdd21525e033962f6a4501718a
                                                                                  • Instruction Fuzzy Hash: DA41A332A407289BDB21DF68C940BDA77B4BF46700F0105B6E918AB691DB74EE85CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F51C182, Relevance: 13.6, APIs: 9, Instructions: 104COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 67%
                                                                                  			E6F51C182(void* __ecx, void* __edx, intOrPtr _a4) {
				intOrPtr _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				char* _t43;
				void* _t48;
				signed char _t62;
				void* _t63;
				void* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E6F517D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E6F5C8D34(_v8, _t80);
					}
					E6F512280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E6F50FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t83 = _t80 + 0xd0;
						E6F5C8833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E6F50FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E6F53B180();
						if(_a4 != 0) {
							E6F512280(_t48, _t81);
						}
					} else {
						E6F51BB2D(_v8 + 0xc, _t80 + 0x98);
						E6F51BB2D(_v8 + 8, _t80 + 0xb0);
						E6F51B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E6F50FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							E6F50FFB0(0, _t80, _t80 + 0x90);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					E6F50FFB0(0, __ecx, __ecx + 0x90);
				}
				return 0;
			}














                                                                                  0x6f51c18d
                                                                                  0x6f51c18f
                                                                                  0x6f51c191
                                                                                  0x6f51c19b
                                                                                  0x6f51c1a0
                                                                                  0x6f51c1d4
                                                                                  0x6f51c1de
                                                                                  0x6f562d6e
                                                                                  0x6f51c1e4
                                                                                  0x6f51c1e4
                                                                                  0x6f51c1e4
                                                                                  0x6f51c1ec
                                                                                  0x6f562d7d
                                                                                  0x6f562d7d
                                                                                  0x6f51c1f3
                                                                                  0x6f51c1ff
                                                                                  0x6f562d88
                                                                                  0x6f562d8d
                                                                                  0x6f562d94
                                                                                  0x6f562d9f
                                                                                  0x6f562da4
                                                                                  0x6f562dab
                                                                                  0x6f562db0
                                                                                  0x6f562db2
                                                                                  0x6f562db3
                                                                                  0x6f562db4
                                                                                  0x6f562dbc
                                                                                  0x6f562dc3
                                                                                  0x6f562dc3
                                                                                  0x6f51c205
                                                                                  0x6f51c211
                                                                                  0x6f51c222
                                                                                  0x6f51c22c
                                                                                  0x6f51c234
                                                                                  0x6f51c23a
                                                                                  0x6f51c23f
                                                                                  0x6f51c245
                                                                                  0x6f51c24b
                                                                                  0x6f51c251
                                                                                  0x6f51c25a
                                                                                  0x6f51c27d
                                                                                  0x6f51c27d
                                                                                  0x6f51c25c
                                                                                  0x6f51c25c
                                                                                  0x00000000
                                                                                  0x6f51c25e
                                                                                  0x6f51c1a4
                                                                                  0x6f51c1aa
                                                                                  0x6f51c1b3
                                                                                  0x6f51c26c
                                                                                  0x6f51c26c
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,?,?,00000000,?,00000000,?,?,?,?,?,6F5BC9F8,000000FE), ref: 6F51C1D7
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,?,?,00000000,?,00000000,?,?,?,?,?,6F5BC9F8,000000FE), ref: 6F51C1F3
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,?,00000000,?,00000000,?,?,?,?,?,6F5BC9F8,000000FE), ref: 6F51C23A
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,00000000,?,00000000,?,?,?,?,?,6F5BC9F8,000000FE), ref: 6F51C26C
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,?,?,00000000,?,00000000,?,?,?,?,?,6F5BC9F8,000000FE), ref: 6F51C27D
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$AcquireCurrentServiceSession
                                                                                  • String ID:
                                                                                  • API String ID: 4254861812-0
                                                                                  • Opcode ID: bdeba0c7626f7b2223eabf048399ca84a7f51063fc420e87d18673506539e28e
                                                                                  • Instruction ID: e384e442a607e46b0df5cb1699b99919805e730967f1027c088065bd96dc4e2a
                                                                                  • Opcode Fuzzy Hash: bdeba0c7626f7b2223eabf048399ca84a7f51063fc420e87d18673506539e28e
                                                                                  • Instruction Fuzzy Hash: 8931F671A49646BBE705DBB4C480BDAF7A4BF82308F04427AD42847341DB397D4AC7E1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F52DE9E, Relevance: 13.6, APIs: 9, Instructions: 79memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 84%
                                                                                  			E6F52DE9E(void* __ecx) {
				char _v0;
				char _v12;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				void* _v60;
				void* _v64;
				void* _v65;
				void* _v66;
				void* __ebx;
				void* __edi;
				void* _t81;
				signed int _t82;
				intOrPtr* _t92;
				signed int _t96;
				intOrPtr* _t100;
				signed int _t103;
				signed int _t104;
				intOrPtr _t109;
				intOrPtr* _t110;
				signed int _t116;
				char _t121;
				void* _t128;
				signed int* _t130;
				signed int* _t135;
				signed int _t138;
				signed int _t140;
				void* _t145;
				unsigned int _t147;
				signed int _t151;
				signed int _t152;
				signed int _t153;
				intOrPtr _t154;
				intOrPtr _t155;
				signed int _t156;
				intOrPtr* _t157;
				signed int _t161;
				signed int* _t162;
				char _t163;
				signed int _t164;
				signed int _t169;
				signed int _t171;
				intOrPtr* _t173;
				signed int _t176;
				signed int _t177;
				intOrPtr* _t178;
				void* _t181;
				void* _t183;
				signed int _t186;
				signed int _t188;
				signed int _t191;
				signed int _t193;
				signed int _t194;
				void* _t196;

				_t194 = _t193 & 0xfffffff8;
				_push(__ecx);
				_push(_t173);
				_t181 = __ecx;
				_t81 = E6F512280( *0x6f5e84cc + 4,  *0x6f5e84cc + 4);
				_t128 = _t181 + 0x28;
				_t82 = E6F512280(_t81, _t128);
				asm("lock xadd [esi+0x50], eax");
				if((_t82 | 0xffffffff) != 1) {
					E6F50FFB0(_t128, _t173, _t128);
					L8:
					return E6F50FFB0(_t128, _t173,  *0x6f5e84cc + 4);
				} else {
					if(E6F517D50() != 0) {
						_t92 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
					} else {
						_t92 = 0x7ffe038e;
					}
					_t173 = _t181 + 0x10;
					if( *_t92 != 0) {
						E6F582EA3(_t181,  *_t173,  *((intOrPtr*)(_t173 + 4)));
					}
					_push(_t173);
					E6F53B150();
					_t96 = _t181 + 0x1c;
					_t162 =  *_t96;
					if(_t162[1] != _t96) {
						L10:
						_t145 = 3;
						asm("int 0x29");
						_t191 = _t194;
						_push(_t145);
						_push(_t145);
						_push(_t128);
						_push(_t181);
						_push(_t173);
						_t130 = _t162;
						_t183 = _t145;
						asm("lock xadd [esi+0x2c], eax");
						if((_t96 | 0xffffffff) == 1) {
							_t146 =  *((intOrPtr*)(_t183 + 0x28));
							if( *((intOrPtr*)(_t183 + 0x28)) != 0) {
								E6F4FA745(_t130, _t146, _t162, _t173);
							}
							_t100 = _t183 + 4;
							_t163 =  *_t100;
							if( *((intOrPtr*)(_t163 + 4)) != _t100) {
								L20:
								_t147 = 3;
								asm("int 0x29");
								_push(_t191);
								_t196 = (_t194 & 0xfffffff8) - 0x1c;
								_v56 = _v56 & 0x00000000;
								_push(_t130);
								 *((char*)(_t196 + 0xb)) = _t163;
								 *(_t196 + 0x18) = _t147;
								_push(_t183);
								_push(_t173);
								_t135 =  *((intOrPtr*)( *[fs:0x18] + 0x30)) + ((_t147 >> 0x00000005 & 0x0000007f) + 0x97) * 4;
								_t103 = 0;
								_t164 =  *_t135;
								_v48 = _t135;
								 *(_t196 + 0x12) = 0;
								if(_t164 != 0) {
									while((_t164 & 0x00000001) == 0) {
										_t103 = _t164;
										if((_t164 & 0x00000002) != 0) {
											asm("lock cmpxchg [ebx], ecx");
											if(_t103 != _t164) {
												goto L54;
											}
										} else {
											_t186 = _t164 | 0x00000002;
											asm("lock cmpxchg [ebx], ecx");
											if(_t103 != _t164) {
												L54:
												_t164 = _t103;
												if(_t103 != 0) {
													continue;
												} else {
												}
											} else {
												while(1) {
													L25:
													_t138 = _t186 & 0xfffffffc;
													 *(_t196 + 0x24) = _t138;
													_t176 = _t138;
													if( *((intOrPtr*)(_t138 + 0x10)) == 0) {
														goto L56;
													}
													L26:
													_t177 =  *((intOrPtr*)(_t176 + 0x10));
													 *((intOrPtr*)(_t138 + 0x10)) = _t177;
													while(_t177 != 0) {
														_t169 =  *((intOrPtr*)(_t177 + 0xc));
														_v52 = _t169;
														if( *_t177 !=  *((intOrPtr*)(_t196 + 0x20))) {
															L60:
															_t177 = _t169;
															continue;
														} else {
															_t152 =  *(_t177 + 8);
															if(_t177 != _t138) {
																 *(_t169 + 8) = _t152;
																_t153 =  *(_t177 + 8);
																_t109 =  *((intOrPtr*)(_t177 + 0xc));
																if(_t153 != 0) {
																	 *((intOrPtr*)(_t153 + 0xc)) = _t109;
																} else {
																	 *((intOrPtr*)(_t138 + 0x10)) = _t109;
																	 *((intOrPtr*)( *((intOrPtr*)(_t177 + 0xc)) + 0x10)) =  *((intOrPtr*)(_t177 + 0xc));
																}
																goto L34;
															} else {
																if(_t152 != 0) {
																	_t152 = _t152 ^ (_t152 ^ _t186) & 0x00000003;
																}
																_t116 = _t186;
																asm("lock cmpxchg [ebx], edx");
																_t138 =  *(_t196 + 0x24);
																if(_t116 != _t186) {
																	_t186 = _t116;
																	goto L25;
																} else {
																	_t171 =  *(_t177 + 8);
																	_t156 = _t152 & 0xffffff00 | _t152 == 0x00000000;
																	 *(_t196 + 0x12) = _t156;
																	if(_t171 != 0) {
																		 *(_t171 + 0xc) =  *(_t171 + 0xc) & 0x00000000;
																		 *((intOrPtr*)(_t171 + 0x10)) =  *((intOrPtr*)(_t177 + 0x10));
																		 *(_t196 + 0x12) = _t156;
																	}
																	_t169 = _v52;
																	L34:
																	_t154 = 2;
																	_t49 = _t177 + 0x14; // 0x14
																	_t110 = _t49;
																	_t155 =  *_t110;
																	 *_t110 = _t154;
																	if(_t155 == 2) {
																		goto L60;
																	} else {
																		if(_t155 == 0) {
																			 *(_t177 + 8) = _v56;
																			_v56 = _t177;
																		}
																		if( *((char*)(_t196 + 0x13)) != 0) {
																			goto L60;
																		}
																	}
																}
															}
														}
														break;
													}
													_t103 = _v56;
													if(_t103 != 0) {
														do {
															_push( *((intOrPtr*)(_t103 + 4)));
															_t188 =  *(_t103 + 8);
															E6F539BF0();
															_t103 = _t188;
														} while (_t188 != 0);
													}
													if( *(_t196 + 0x12) == 0) {
														_t151 =  *_v48;
														while(1) {
															_t140 = _t151 & 0x00000001;
															asm("sbb edx, edx");
															_t103 = _t151;
															asm("lock cmpxchg [esi], edx");
															if(_t103 == _t151) {
																break;
															}
															_t151 = _t103;
														}
														if(_t140 != 0) {
															_t103 = E6F5ACF30(_t103);
														}
													}
													goto L41;
													do {
														L56:
														_t104 = _t176;
														_t176 =  *(_t176 + 8);
														 *(_t176 + 0xc) = _t104;
													} while ( *((intOrPtr*)(_t176 + 0x10)) == 0);
													goto L26;
												}
											}
										}
										goto L41;
									}
								}
								L41:
								return _t103;
							} else {
								_t157 =  *((intOrPtr*)(_t100 + 4));
								if( *_t157 != _t100) {
									goto L20;
								} else {
									 *_t157 = _t163;
									 *((intOrPtr*)(_t163 + 4)) = _t157;
									_t178 =  *((intOrPtr*)(_t183 + 0x30));
									 *_t130 =  *(_t183 + 0x38);
									 *_v0 =  *((intOrPtr*)(_t183 + 0x3c));
									_t121 = RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t183);
									if(_t178 != 0) {
										 *_t178 = 1;
										_t121 =  &_v12;
										asm("lock or [eax], ecx");
										_push(0);
										L21();
									}
									goto L13;
								}
							}
						} else {
							_t121 = _v0;
							 *_t130 =  *_t130 & 0x00000000;
							 *_t121 =  *_t121 & 0x00000000;
							L13:
							return _t121;
						}
					} else {
						_t161 =  *(_t96 + 4);
						if( *_t161 != _t96) {
							goto L10;
						} else {
							 *_t161 = _t162;
							_t162[1] = _t161;
							E6F50FFB0(_t128, _t173, _t128);
							if( *(_t181 + 0x58) != 0) {
								RtlFreeHeap( *( *[fs:0x30] + 0x18), 0,  *(_t181 + 0x58));
							}
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t181);
							goto L8;
						}
					}
				}
			}

























































                                                                                  0x6f52dea3
                                                                                  0x6f52dea6
                                                                                  0x6f52deae
                                                                                  0x6f52deb2
                                                                                  0x6f52deb5
                                                                                  0x6f52deba
                                                                                  0x6f52debe
                                                                                  0x6f52dec6
                                                                                  0x6f52decc
                                                                                  0x6f52df40
                                                                                  0x6f52df2a
                                                                                  0x6f52df3e
                                                                                  0x6f52dece
                                                                                  0x6f52ded5
                                                                                  0x6f56b445
                                                                                  0x6f52dedb
                                                                                  0x6f52dedb
                                                                                  0x6f52dedb
                                                                                  0x6f52dee2
                                                                                  0x6f52dee7
                                                                                  0x6f56b456
                                                                                  0x6f56b456
                                                                                  0x6f52deed
                                                                                  0x6f52deee
                                                                                  0x6f52def3
                                                                                  0x6f52def6
                                                                                  0x6f52defb
                                                                                  0x6f52df47
                                                                                  0x6f52df49
                                                                                  0x6f52df4a
                                                                                  0x6f52df4f
                                                                                  0x6f52df51
                                                                                  0x6f52df52
                                                                                  0x6f52df53
                                                                                  0x6f52df54
                                                                                  0x6f52df55
                                                                                  0x6f52df56
                                                                                  0x6f52df58
                                                                                  0x6f52df5d
                                                                                  0x6f52df63
                                                                                  0x6f52df77
                                                                                  0x6f52df7c
                                                                                  0x6f52dfd3
                                                                                  0x6f52dfd3
                                                                                  0x6f52df7e
                                                                                  0x6f52df81
                                                                                  0x6f52df86
                                                                                  0x6f52dfda
                                                                                  0x6f52dfdc
                                                                                  0x6f52dfdd
                                                                                  0x6f52dfe1
                                                                                  0x6f52dfe7
                                                                                  0x6f52dff0
                                                                                  0x6f52dff5
                                                                                  0x6f52dff8
                                                                                  0x6f52e005
                                                                                  0x6f52e00f
                                                                                  0x6f52e010
                                                                                  0x6f52e011
                                                                                  0x6f52e014
                                                                                  0x6f52e016
                                                                                  0x6f52e018
                                                                                  0x6f52e01c
                                                                                  0x6f52e022
                                                                                  0x6f52e028
                                                                                  0x6f52e031
                                                                                  0x6f52e036
                                                                                  0x6f56b47d
                                                                                  0x6f56b483
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f52e03c
                                                                                  0x6f52e03e
                                                                                  0x6f52e043
                                                                                  0x6f52e049
                                                                                  0x6f56b489
                                                                                  0x6f56b489
                                                                                  0x6f56b48d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f56b493
                                                                                  0x00000000
                                                                                  0x6f52e04f
                                                                                  0x6f52e04f
                                                                                  0x6f52e051
                                                                                  0x6f52e054
                                                                                  0x6f52e058
                                                                                  0x6f52e05e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f52e064
                                                                                  0x6f52e064
                                                                                  0x6f52e067
                                                                                  0x6f52e06a
                                                                                  0x6f52e076
                                                                                  0x6f52e079
                                                                                  0x6f52e07f
                                                                                  0x6f56b4cc
                                                                                  0x6f56b4cc
                                                                                  0x00000000
                                                                                  0x6f52e085
                                                                                  0x6f52e085
                                                                                  0x6f52e08a
                                                                                  0x6f52e11c
                                                                                  0x6f52e11f
                                                                                  0x6f52e122
                                                                                  0x6f52e127
                                                                                  0x6f52e164
                                                                                  0x6f52e129
                                                                                  0x6f52e129
                                                                                  0x6f52e12f
                                                                                  0x6f52e12f
                                                                                  0x00000000
                                                                                  0x6f52e090
                                                                                  0x6f52e092
                                                                                  0x6f56b4b2
                                                                                  0x6f56b4b2
                                                                                  0x6f52e09e
                                                                                  0x6f52e0a0
                                                                                  0x6f52e0a4
                                                                                  0x6f52e0aa
                                                                                  0x6f56b4d3
                                                                                  0x00000000
                                                                                  0x6f52e0b0
                                                                                  0x6f52e0b0
                                                                                  0x6f52e0b5
                                                                                  0x6f52e0b8
                                                                                  0x6f52e0be
                                                                                  0x6f56b4b9
                                                                                  0x6f56b4c0
                                                                                  0x6f56b4c3
                                                                                  0x6f56b4c3
                                                                                  0x6f52e0c4
                                                                                  0x6f52e0c8
                                                                                  0x6f52e0ca
                                                                                  0x6f52e0cb
                                                                                  0x6f52e0cb
                                                                                  0x6f52e0ce
                                                                                  0x6f52e0ce
                                                                                  0x6f52e0d3
                                                                                  0x00000000
                                                                                  0x6f52e0d9
                                                                                  0x6f52e0db
                                                                                  0x6f52e0e1
                                                                                  0x6f52e0e4
                                                                                  0x6f52e0e4
                                                                                  0x6f52e0ed
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f52e0ed
                                                                                  0x6f52e0d3
                                                                                  0x6f52e0aa
                                                                                  0x6f52e08a
                                                                                  0x00000000
                                                                                  0x6f52e07f
                                                                                  0x6f52e0f3
                                                                                  0x6f52e0f9
                                                                                  0x6f52e0fb
                                                                                  0x6f52e0fb
                                                                                  0x6f52e0fe
                                                                                  0x6f52e101
                                                                                  0x6f52e106
                                                                                  0x6f52e108
                                                                                  0x6f52e0fb
                                                                                  0x6f52e111
                                                                                  0x6f52e138
                                                                                  0x6f52e13a
                                                                                  0x6f52e13e
                                                                                  0x6f52e148
                                                                                  0x6f52e14e
                                                                                  0x6f52e150
                                                                                  0x6f52e156
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f52e16c
                                                                                  0x6f52e16c
                                                                                  0x6f52e15a
                                                                                  0x6f52e15d
                                                                                  0x6f52e15d
                                                                                  0x6f52e15a
                                                                                  0x00000000
                                                                                  0x6f56b498
                                                                                  0x6f56b498
                                                                                  0x6f56b498
                                                                                  0x6f56b49a
                                                                                  0x6f56b49d
                                                                                  0x6f56b4a0
                                                                                  0x00000000
                                                                                  0x6f56b4a6
                                                                                  0x6f52e04f
                                                                                  0x6f52e049
                                                                                  0x00000000
                                                                                  0x6f52e036
                                                                                  0x6f52e028
                                                                                  0x6f52e113
                                                                                  0x6f52e119
                                                                                  0x6f52df88
                                                                                  0x6f52df88
                                                                                  0x6f52df8d
                                                                                  0x00000000
                                                                                  0x6f52df8f
                                                                                  0x6f52df8f
                                                                                  0x6f52df91
                                                                                  0x6f52df97
                                                                                  0x6f52df9a
                                                                                  0x6f52dfa5
                                                                                  0x6f52dfb0
                                                                                  0x6f52dfb7
                                                                                  0x6f52dfb9
                                                                                  0x6f52dfbf
                                                                                  0x6f52dfc4
                                                                                  0x6f52dfc7
                                                                                  0x6f52dfcc
                                                                                  0x6f52dfcc
                                                                                  0x00000000
                                                                                  0x6f52dfb7
                                                                                  0x6f52df8d
                                                                                  0x6f52df65
                                                                                  0x6f52df65
                                                                                  0x6f52df68
                                                                                  0x6f52df6b
                                                                                  0x6f52df6e
                                                                                  0x6f52df74
                                                                                  0x6f52df74
                                                                                  0x6f52defd
                                                                                  0x6f52defd
                                                                                  0x6f52df02
                                                                                  0x00000000
                                                                                  0x6f52df04
                                                                                  0x6f52df04
                                                                                  0x6f52df07
                                                                                  0x6f52df0a
                                                                                  0x6f52df13
                                                                                  0x6f56b46e
                                                                                  0x6f56b46e
                                                                                  0x6f52df25
                                                                                  0x00000000
                                                                                  0x6f52df25
                                                                                  0x6f52df02
                                                                                  0x6f52defb

                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,00000000,?,00000000,?,?,6F4F3A82,?,?,?,?,?,00000001,00000000,?,?), ref: 6F52DEB5
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,00000000,?,00000000,?,?,6F4F3A82,?,?,?,?,?,00000001,00000000,?), ref: 6F52DEBE
                                                                                    • Part of subcall function 6F512280: RtlDllShutdownInProgress.BCCB(00000000), ref: 6F5122BA
                                                                                    • Part of subcall function 6F512280: ZwWaitForAlertByThreadId.BCCB(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6F5123A3
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,?,00000000,?,00000000,?,?,6F4F3A82,?,?,?,?,?,00000001,00000000,?), ref: 6F52DECE
                                                                                  • ZwUnsubscribeWnfStateChange.BCCB(?,?,?,00000000,?,00000000,?,?,6F4F3A82,?,?,?,?,?,00000001,00000000), ref: 6F52DEEE
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,00000000,?,00000000,?,?,6F4F3A82,?,?,?,?,?,00000001), ref: 6F52DF0A
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,?,?,?,?,00000000,?,00000000,?,?,6F4F3A82,?), ref: 6F52DF25
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,00000000,?,00000000,?,?,6F4F3A82,?,?,?,?,?,00000001), ref: 6F52DF33
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,00000000,?,00000000,?,?,6F4F3A82,?,?,?,?,?,00000001,00000000), ref: 6F52DF40
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,?,?,?,00000000,?,00000000,?,?,6F4F3A82,?), ref: 6F56B46E
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$AcquireFreeHeap$AlertChangeCurrentProgressServiceSessionShutdownStateThreadUnsubscribeWait
                                                                                  • String ID:
                                                                                  • API String ID: 3923771875-0
                                                                                  • Opcode ID: d57a4162abf30d66059a9afaa71d5bb843e31dbdfb760459d3af721951abf6e2
                                                                                  • Instruction ID: 2634e4d61754539a8505b1e64c371707e78d489d517c50d82cef60017cfad75e
                                                                                  • Opcode Fuzzy Hash: d57a4162abf30d66059a9afaa71d5bb843e31dbdfb760459d3af721951abf6e2
                                                                                  • Instruction Fuzzy Hash: 4B21B071148B40ABD711DB28C940F16B7BAEF8236CF054679E4258B6E1DB34FD45CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5A23E3, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 166COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 64%
                                                                                  			E6F5A23E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x6f5e874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x6f5e874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E6F54D4F0(_t83, 0x6f4d6c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E6F4FB150();
					} else {
						E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E6F4FB150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x6f5e6378 = 1;
						asm("int3");
						 *0x6f5e6378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}




























                                                                                  0x6f5a23e3
                                                                                  0x6f5a23e8
                                                                                  0x6f5a23eb
                                                                                  0x6f5a23ee
                                                                                  0x6f5a23f3
                                                                                  0x6f5a259b
                                                                                  0x6f5a259b
                                                                                  0x6f5a259d
                                                                                  0x6f5a25a3
                                                                                  0x6f5a25a3
                                                                                  0x6f5a23fb
                                                                                  0x6f5a2424
                                                                                  0x6f5a244f
                                                                                  0x6f5a2460
                                                                                  0x6f5a2451
                                                                                  0x6f5a2451
                                                                                  0x6f5a2456
                                                                                  0x6f5a2458
                                                                                  0x6f5a2458
                                                                                  0x6f5a245b
                                                                                  0x6f5a245b
                                                                                  0x6f5a2426
                                                                                  0x6f5a2431
                                                                                  0x6f5a2436
                                                                                  0x6f5a2443
                                                                                  0x6f5a2438
                                                                                  0x6f5a2438
                                                                                  0x6f5a2438
                                                                                  0x6f5a2445
                                                                                  0x6f5a2445
                                                                                  0x6f5a2463
                                                                                  0x6f5a2469
                                                                                  0x6f5a246f
                                                                                  0x6f5a2480
                                                                                  0x6f5a2495
                                                                                  0x6f5a24a1
                                                                                  0x6f5a24ce
                                                                                  0x6f5a24df
                                                                                  0x6f5a24d0
                                                                                  0x6f5a24d0
                                                                                  0x6f5a24d5
                                                                                  0x6f5a24d7
                                                                                  0x6f5a24d7
                                                                                  0x6f5a24da
                                                                                  0x6f5a24da
                                                                                  0x6f5a24a3
                                                                                  0x6f5a24b0
                                                                                  0x6f5a24b5
                                                                                  0x6f5a24c2
                                                                                  0x6f5a24b7
                                                                                  0x6f5a24b7
                                                                                  0x6f5a24b7
                                                                                  0x6f5a24c4
                                                                                  0x6f5a24c4
                                                                                  0x6f5a24e8
                                                                                  0x6f5a2497
                                                                                  0x6f5a249a
                                                                                  0x6f5a249a
                                                                                  0x6f5a2482
                                                                                  0x6f5a2488
                                                                                  0x6f5a2488
                                                                                  0x6f5a2471
                                                                                  0x6f5a2479
                                                                                  0x6f5a2479
                                                                                  0x6f5a24ef
                                                                                  0x6f5a23fd
                                                                                  0x6f5a2401
                                                                                  0x6f5a2412
                                                                                  0x6f5a2403
                                                                                  0x6f5a2403
                                                                                  0x6f5a2408
                                                                                  0x6f5a240a
                                                                                  0x6f5a240a
                                                                                  0x6f5a240d
                                                                                  0x6f5a240d
                                                                                  0x6f5a241b
                                                                                  0x6f5a241b
                                                                                  0x6f5a24f1
                                                                                  0x6f5a24f6
                                                                                  0x6f5a2507
                                                                                  0x6f5a2510
                                                                                  0x00000000
                                                                                  0x6f5a2510
                                                                                  0x6f5a250b
                                                                                  0x00000000
                                                                                  0x6f5a24f8
                                                                                  0x6f5a24f8
                                                                                  0x6f5a24fc
                                                                                  0x6f5a2500
                                                                                  0x6f5a2512
                                                                                  0x6f5a2515
                                                                                  0x6f5a251a
                                                                                  0x6f5a2521
                                                                                  0x6f5a2524
                                                                                  0x6f5a2529
                                                                                  0x6f5a252f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5a253c
                                                                                  0x6f5a255c
                                                                                  0x6f5a2561
                                                                                  0x6f5a253e
                                                                                  0x6f5a2554
                                                                                  0x6f5a2559
                                                                                  0x6f5a256a
                                                                                  0x6f5a256d
                                                                                  0x6f5a2574
                                                                                  0x6f5a2586
                                                                                  0x6f5a2588
                                                                                  0x6f5a258f
                                                                                  0x6f5a2590
                                                                                  0x6f5a2590
                                                                                  0x6f5a2597
                                                                                  0x00000000
                                                                                  0x6f5a2597

                                                                                  APIs
                                                                                  • RtlCompareMemory.BCCB(-00000010,6F4D6C58,00000008,?,-00000018,?,?,?,6F5B4BD7), ref: 6F5A2524
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,-00000010,6F4D6C58,00000008,?,-00000018,?,?,?,6F5B4BD7), ref: 6F5A2554
                                                                                  • DbgPrint.BCCB(HEAP: ,-00000010,6F4D6C58,00000008,?,-00000018,?,?,?,6F5B4BD7), ref: 6F5A2561
                                                                                  • DbgPrint.BCCB(Heap block at %p modified at %p past requested size of %Ix,-00000018,?,?,-00000010,6F4D6C58,00000008,?,-00000018,?,?,?,6F5B4BD7), ref: 6F5A2574
                                                                                  Strings
                                                                                  • HEAP[%wZ]: , xrefs: 6F5A254F
                                                                                  • Heap block at %p modified at %p past requested size of %Ix, xrefs: 6F5A256F
                                                                                  • HEAP: , xrefs: 6F5A255C
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$CompareMemory
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                  • API String ID: 216965414-3815128232
                                                                                  • Opcode ID: a04796914eb2948c82c1687f0acd8af52f7bdb4b25cc0e8ac1941716dc47fba3
                                                                                  • Instruction ID: b12d05a7f7ba19dd593b2582bad6f4b21f19c2061e4346de6b0b4db14ea321f1
                                                                                  • Opcode Fuzzy Hash: a04796914eb2948c82c1687f0acd8af52f7bdb4b25cc0e8ac1941716dc47fba3
                                                                                  • Instruction Fuzzy Hash: 12511734104A508AE320CE2BC952BBA77E1EB4A344F518C6AE4D58F681D337EC67DB61
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F581570, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 137nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 6F5816FA: ZwQueryWnfStateNameInformation.BCCB(6F4DFB74,00000001,00000000,00000568,00000004,?,?,00000000,?,?,?,?,6F5815A3,?,00000568), ref: 6F581718
                                                                                    • Part of subcall function 6F5816FA: ZwUpdateWnfStateData.BCCB(6F4DFB74,00000000,00000000,00000000,00000000,00000000,00000000,6F4DFB74,00000001,00000000,00000568,00000004,?,?,00000000), ref: 6F58172D
                                                                                    • Part of subcall function 6F5816FA: EtwEventWriteNoRegistration.BCCB(6F4DFB7C,?,00000000,00000000,6F4DFB74,00000001,00000000,00000568,00000004,?,?,00000000,?,?,?,?), ref: 6F58174B
                                                                                  • ZwQuerySystemInformation.BCCB(00000073,?,00000008,00000000,?,00000568), ref: 6F5815B6
                                                                                    • Part of subcall function 6F539860: LdrInitializeThunk.NTDLL(6F5815BB,00000073,?,00000008,00000000,?,00000568), ref: 6F53986A
                                                                                    • Part of subcall function 6F58176C: ZwOpenEvent.BCCB(00000568,00100001,?,?,00000000), ref: 6F5817B5
                                                                                    • Part of subcall function 6F58176C: ZwWaitForSingleObject.BCCB(00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6F5817E1
                                                                                    • Part of subcall function 6F58176C: ZwClose.BCCB(00000568,00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6F5817EB
                                                                                  • RtlInitUnicodeString.BCCB(?,\WindowsErrorReportingServicePort,00000073,?,00000008,00000000,?,00000568), ref: 6F5815EC
                                                                                  • memset.BCCB(?,00000000,0000002C,?,\WindowsErrorReportingServicePort,00000073,?,00000008,00000000,?,00000568), ref: 6F5815F8
                                                                                  • ZwAlpcConnectPort.BCCB(?,?,00000018,?,00020000,?,00000000,00000000,00000000,00000000,?), ref: 6F581673
                                                                                  • ZwAlpcSendWaitReceivePort.BCCB(?,00020000,?,00000000,?,00000568,00000000,?,?,?,00000018,?,00020000,?,00000000,00000000), ref: 6F5816B0
                                                                                  • ZwClose.BCCB(00000000,?,00000568), ref: 6F5816E3
                                                                                  Strings
                                                                                  • \WindowsErrorReportingServicePort, xrefs: 6F5815E3
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AlpcCloseEventInformationPortQueryStateWait$ConnectDataInitInitializeNameObjectOpenReceiveRegistrationSendSingleStringSystemThunkUnicodeUpdateWritememset
                                                                                  • String ID: \WindowsErrorReportingServicePort
                                                                                  • API String ID: 360723211-589754893
                                                                                  • Opcode ID: 2ade8250ad10e342989bd3b292a45253ae016ae607cd0e6961a7a4d75b3990b1
                                                                                  • Instruction ID: a781e650385527789dac2a8da4a50b90238a3346069fc1f10c7d42d95ba82e35
                                                                                  • Opcode Fuzzy Hash: 2ade8250ad10e342989bd3b292a45253ae016ae607cd0e6961a7a4d75b3990b1
                                                                                  • Instruction Fuzzy Hash: DD4122B2D0163DABDB11DFA5D880BEEBBB9BF44714F14013AE865AB290D7309D44CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F50DD80, Relevance: 12.3, APIs: 8, Instructions: 337nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockShared.BCCB(6F5E8654,6F5417F0,00000000), ref: 6F50DDCE
                                                                                  • ZwQueryVirtualMemory.BCCB(000000FF,000000FE,00000006,?,0000000C,00000000,6F5417F0,00000000), ref: 6F50DE98
                                                                                  • RtlImageNtHeaderEx.BCCB(00000001,?,00000000,00000000,?,000000FF,000000FE,00000006,?,0000000C,00000000,6F5417F0,00000000), ref: 6F50DEE8
                                                                                  • RtlImageNtHeaderEx.BCCB(00000001,?,00000000,00000000,?,00000001,?,00000000,00000000,?,000000FF,000000FE,00000006,?,0000000C,00000000), ref: 6F50DF0D
                                                                                  • RtlImageNtHeaderEx.BCCB(00000001,?,00000000,00000000,00000000,00000001,?,00000000,00000000,?,00000001,?,00000000,00000000,?,000000FF), ref: 6F50DF46
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: HeaderImage$AcquireLockMemoryQuerySharedVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 114269737-0
                                                                                  • Opcode ID: e0d12ed47b09d7943cabfdfb9f5ab42b727428ff13d307a41c118ce6ff3d3fff
                                                                                  • Instruction ID: 0542b5493bf46e962218757a1a7d77462f3b0baf148fdf089c30c9620d1346e3
                                                                                  • Opcode Fuzzy Hash: e0d12ed47b09d7943cabfdfb9f5ab42b727428ff13d307a41c118ce6ff3d3fff
                                                                                  • Instruction Fuzzy Hash: 3BC1E571A046069FEB18DF58C951BAEB7F2AF84314F24867ED464AB380DB31ED41CB81
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5B3518, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 55COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,00000000,?,?,6F54FC67), ref: 6F5B354D
                                                                                  • DbgPrint.BCCB(HEAP: ,00000000,?,?,6F54FC67), ref: 6F5B355A
                                                                                  • DbgPrint.BCCB(May not destroy the process heap at %p,?,00000000,?,?,6F54FC67), ref: 6F5B3566
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
                                                                                  • API String ID: 3558298466-4256168463
                                                                                  • Opcode ID: 008b2730f490be0298255df1c6490c0e56a45248d5b4ca552aabd39810db5570
                                                                                  • Instruction ID: dee1cbbd0409d9f4e7aa50ca90d57200c4f3e9343ccdf483b3a64d7460696f2c
                                                                                  • Opcode Fuzzy Hash: 008b2730f490be0298255df1c6490c0e56a45248d5b4ca552aabd39810db5570
                                                                                  • Instruction Fuzzy Hash: AF0100324156009FCB10DB688551F9673E8AB82668F00847EF809ABAC1DB35ED45CA90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F58FF10, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 44timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrintEx.BCCB(00000065,00000000,NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p,?,000000FF,?,6F5D09B0,00000014,6F50EBD8,?,?,?,00000000,?,6F4F1E03,?), ref: 6F58FF69
                                                                                  • RtlDecodePointer.BCCB(6F5D09B0,00000014,6F50EBD8,?,?,?,00000000,?,6F4F1E03,?,6F4F1D6E,?), ref: 6F58FF78
                                                                                  • RtlRaiseStatus.BCCB(C0000264,6F5D09B0,00000014,6F50EBD8,?,?,?,00000000,?,6F4F1E03,?,6F4F1D6E,?), ref: 6F58FF89
                                                                                  • RtlDebugPrintTimes.BCCB(?,C0000264,6F5D09B0,00000014,6F50EBD8,?,?,?,00000000,?,6F4F1E03,?,6F4F1D6E,?), ref: 6F58FF9A
                                                                                  • RtlpNotOwnerCriticalSection.BCCB ref: 6F58FFB1
                                                                                  Strings
                                                                                  • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 6F58FF60
                                                                                  • PS^o?, xrefs: 6F58FF56, 6F58FF5C
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$CriticalDebugDecodeOwnerPointerRaiseRtlpSectionStatusTimes
                                                                                  • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p$PS^o?
                                                                                  • API String ID: 2675442896-19838384
                                                                                  • Opcode ID: c4cf83bd303f93c26b209dfc56a0452ae48a3a9a6b828243b8f1295c0611440e
                                                                                  • Instruction ID: ce8435b45e66f961c0c6d7ca24e482205c1330ec7d76a65d323b59ec7965e72c
                                                                                  • Opcode Fuzzy Hash: c4cf83bd303f93c26b209dfc56a0452ae48a3a9a6b828243b8f1295c0611440e
                                                                                  • Instruction Fuzzy Hash: FF11ED71910294EFDB12DF50C944FD8BBF2BF49319F108064F528AB6A1C739AD50CBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4FC600, Relevance: 12.2, APIs: 8, Instructions: 225memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlInitUnicodeStringEx.BCCB(?,?,?,?,?), ref: 6F4FC639
                                                                                  • ZwQueryValueKey.BCCB(?,?,00000002,?,00000400,?,?,?,?,?,?), ref: 6F4FC665
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000002,?,?,00000002,00000000,?,?,?,?), ref: 6F567A15
                                                                                  • RtlAllocateHeap.BCCB(?,?,?,?,?,?,?,?), ref: 6F567A43
                                                                                  • ZwQueryValueKey.BCCB(?,?,00000002,00000000,?,?,?,?), ref: 6F567A65
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,?,00000002,00000000,?,?,?,?), ref: 6F567A8A
                                                                                  • RtlUnicodeStringToInteger.BCCB(?,00000000,00000000,?,?,00000002,00000000,?,?,?,?), ref: 6F567B52
                                                                                  • memcpy.BCCB(00000000,0000000C,?,?,?,00000002,00000000,?,?,?,?), ref: 6F567BB1
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$FreeQueryStringUnicodeValue$AllocateInitIntegermemcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3015855070-0
                                                                                  • Opcode ID: 33f882ebdd5ac55c0e4f8179207345f266697a32806373619561a0ebedc29f6d
                                                                                  • Instruction ID: b9d2505e6478b636deb87530348eb4591f2531d8a2d510027837c36bacc0f1c9
                                                                                  • Opcode Fuzzy Hash: 33f882ebdd5ac55c0e4f8179207345f266697a32806373619561a0ebedc29f6d
                                                                                  • Instruction Fuzzy Hash: 1581B1756483028BDB11CE18D880F6B77E9FF89354F14497AED649B261EB30ED41CBA2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F5050, Relevance: 12.1, APIs: 8, Instructions: 133memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,?), ref: 6F4F5096
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,?), ref: 6F550C80
                                                                                    • Part of subcall function 6F516E30: memset.BCCB(00000000,00000000,?,?,?,?,?), ref: 6F516F17
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000,?), ref: 6F4F5128
                                                                                  • RtlEnterCriticalSection.BCCB(6F5E79A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000,?), ref: 6F4F5136
                                                                                  • RtlLeaveCriticalSection.BCCB(6F5E79A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000,?), ref: 6F4F5164
                                                                                  • ZwClose.BCCB(?,6F5E79A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000), ref: 6F4F5179
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,?,6F5E79A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000), ref: 6F4F518A
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,00000000,00000000,?,00000000,?), ref: 6F550C3E
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$Free$CriticalSection$AllocateCloseEnterLeavememset
                                                                                  • String ID:
                                                                                  • API String ID: 1968905909-0
                                                                                  • Opcode ID: 1ef34aba332f564a0fc19e73d56d4bbbcf0bcf105596181199dc7c09bfbf2cf2
                                                                                  • Instruction ID: 6eb95ade2d960879ef1e42de5ab0fdc7103096fc22884322ccd80a9c605affed
                                                                                  • Opcode Fuzzy Hash: 1ef34aba332f564a0fc19e73d56d4bbbcf0bcf105596181199dc7c09bfbf2cf2
                                                                                  • Instruction Fuzzy Hash: CC410475A083029BD310DF2CC940F5AB7A4AF85718F104A3AFC998B681E730EC56C7D5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F51B73D, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 190COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-1334570610
                                                                                  • Opcode ID: 3eba96f5a41cffe2efcad99f10b9292dc8d98305edc2afdcafbf3d70fa5a76fd
                                                                                  • Instruction ID: c21803fe3d933af220b6d156ed4bcd7748a45c6283462afbfe2c7573d7c62f19
                                                                                  • Opcode Fuzzy Hash: 3eba96f5a41cffe2efcad99f10b9292dc8d98305edc2afdcafbf3d70fa5a76fd
                                                                                  • Instruction Fuzzy Hash: 2E61BD70608241AFEB18DF28C580BAABBB1FF45704F15856EE8598B7A1D731FC91CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5295EC, Relevance: 10.7, APIs: 7, Instructions: 165timelibraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(00000000,00000001,?,?,7FFE0386), ref: 6F5296A5
                                                                                    • Part of subcall function 6F529702: RtlAcquireSRWLockExclusive.BCCB(?,?,?,?,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6F52974F
                                                                                    • Part of subcall function 6F529702: RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,?,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6F52976D
                                                                                  • LdrLockLoaderLock.BCCB(00000000,00000000,00000001,?,?,7FFE0386,?,6F4F6778,00000001), ref: 6F569682
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6F56972B
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6F569740
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Lock$DebugExclusivePrintTimes$AcquireCurrentLoaderReleaseServiceSession
                                                                                  • String ID:
                                                                                  • API String ID: 732933571-0
                                                                                  • Opcode ID: 941a3b0e71f0ba724243741f266fc954cb979aa38b0023fef5f13e0cd2ba80c0
                                                                                  • Instruction ID: e5b6bc6eea883b1c559ea8f6af98a44de345385ca0466b62dc52532cd276ec27
                                                                                  • Opcode Fuzzy Hash: 941a3b0e71f0ba724243741f266fc954cb979aa38b0023fef5f13e0cd2ba80c0
                                                                                  • Instruction Fuzzy Hash: 7351BB71A0460AAFDB04CF68C944BAEB7F4BF45325F004639E4269B7E4DB74AD11DB80
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F3FC5, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 131COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,6F5B3933,RtlGetUserInfoHeap), ref: 6F5503D9
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,6F5B3933,RtlGetUserInfoHeap), ref: 6F5503E6
                                                                                  • DbgPrint.BCCB(Invalid address specified to %s( %p, %p ),?,?,?,?,?,?,?,6F5B3933,RtlGetUserInfoHeap), ref: 6F5503F9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                  • API String ID: 3558298466-1151232445
                                                                                  • Opcode ID: af1c3794a8c68805f62d75fcd3c467fe5f629efbae92f61e5471e224a31299ce
                                                                                  • Instruction ID: e6e8ae029f92b1c73afadf0c122878f7b1bf4edce00d797580bcc0a9911fd3a0
                                                                                  • Opcode Fuzzy Hash: af1c3794a8c68805f62d75fcd3c467fe5f629efbae92f61e5471e224a31299ce
                                                                                  • Instruction Fuzzy Hash: 23410530205342CFEB158B28C680FA677E1AF8239CF05457BD5594BA52CB26A897C712
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F529ED0, Relevance: 10.6, APIs: 7, Instructions: 125COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,FFFFFFFE,000000FF,FFFFFFFE), ref: 6F569836
                                                                                  • RtlReleaseSRWLockShared.BCCB(?,FFFFFFFE,000000FF,FFFFFFFE), ref: 6F56984A
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?), ref: 6F56987A
                                                                                  • RtlAcquireSRWLockShared.BCCB(?), ref: 6F569897
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?), ref: 6F5698B3
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Lock$ExclusiveRelease$AcquireShared
                                                                                  • String ID:
                                                                                  • API String ID: 1363392280-0
                                                                                  • Opcode ID: 688a337dac4e851413f0ec5f61124e081631620ab6096ab0831448190c3edd25
                                                                                  • Instruction ID: 4a8e8904a7241b78c1969f09265fa6958d1706c2c4bfa52835cbfc8019977387
                                                                                  • Opcode Fuzzy Hash: 688a337dac4e851413f0ec5f61124e081631620ab6096ab0831448190c3edd25
                                                                                  • Instruction Fuzzy Hash: 3B416C7264C3428BD705CF28885474BB7E5AFD5318F194A2DF894AB385D638EE0887D3
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F586365, Relevance: 10.6, APIs: 7, Instructions: 123memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,?,00000000,?,00000000), ref: 6F586385
                                                                                  • ZwQueryVirtualMemory.BCCB(000000FF,?,00000002,00000000,?,?,?,00000008,?,00000000,?,00000000), ref: 6F5863A4
                                                                                  • memcpy.BCCB(?,?,?,000000FF,?,00000002,00000000,?,?,?,00000008,?,00000000,?,00000000), ref: 6F5863DF
                                                                                  • wcsrchr.BCCB(?,0000005C,?,?,?,000000FF,?,00000002,00000000,?,?,?,00000008,?,00000000,?), ref: 6F5863E7
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,00000008,?,00000000,?,00000000), ref: 6F58640B
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,-00000002,00000008,?,00000000,?), ref: 6F58644D
                                                                                  • memcpy.BCCB(00000000,-00000002,?,00000000,?), ref: 6F58646B
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$Allocatememcpy$FreeMemoryQueryVirtualwcsrchr
                                                                                  • String ID:
                                                                                  • API String ID: 58330029-0
                                                                                  • Opcode ID: c1f2ba62f69970b7b14ba36b7924932fcf19eab88d026fda8b36fc3e26e36b79
                                                                                  • Instruction ID: ffef8926ff78837bbcfe806b7b161b46b36b75791a112448568c9fbd044bdcb8
                                                                                  • Opcode Fuzzy Hash: c1f2ba62f69970b7b14ba36b7924932fcf19eab88d026fda8b36fc3e26e36b79
                                                                                  • Instruction Fuzzy Hash: F041F036A10625EBDB15CF68C890BAF3779EF82714F058178E9219B290DB30ED01C7A0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F524020, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 110nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlGetSuiteMask.BCCB(00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6F5240B3
                                                                                  • RtlGetNtProductType.BCCB(?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6F5240D6
                                                                                  • RtlInitUnicodeString.BCCB(?,TerminalServices-RemoteConnectionManager-AllowAppServerMode,?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6F5240F1
                                                                                  • ZwQueryLicenseValue.BCCB(?,?,?,00000004,?,?,TerminalServices-RemoteConnectionManager-AllowAppServerMode,?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6F524108
                                                                                  • RtlGetSuiteMask.BCCB(00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6F524155
                                                                                  Strings
                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 6F5240E8
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: MaskSuite$InitLicenseProductQueryStringTypeUnicodeValue
                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
                                                                                  • API String ID: 2592082795-996340685
                                                                                  • Opcode ID: 86c0c852dc096155164b2e8c3381f14efd7cf9f0a68adc2e752fd9ce12beff60
                                                                                  • Instruction ID: 115d1b08a323d7ea6c7c17a499e175c657dff4fad8b39b10145f1d8ff4bb73e6
                                                                                  • Opcode Fuzzy Hash: 86c0c852dc096155164b2e8c3381f14efd7cf9f0a68adc2e752fd9ce12beff60
                                                                                  • Instruction Fuzzy Hash: 1C416075A0474A9AC724DFB8C4406EAFBF4FF5A304F004A3ED5A9C7681E330A945CBA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F50A3E0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 72nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwQueryInformationToken.BCCB(000000FA,00000001,?,00000050,?,?), ref: 6F50A404
                                                                                  • RtlLengthSidAsUnicodeString.BCCB(?,?,000000FA,00000001,?,00000050,?,?), ref: 6F50A414
                                                                                    • Part of subcall function 6F50A4B0: RtlValidSid.BCCB(?,?,?,6F50A419,?,?,000000FA,00000001,?,00000050,?,?), ref: 6F50A4BA
                                                                                  • RtlFreeUnicodeString.BCCB(?,?,?,00000000,?,\REGISTRY\USER\,?,02000000,?,?,000000FA,00000001,?,00000050,?,?), ref: 6F50A497
                                                                                    • Part of subcall function 6F513A1C: RtlAllocateHeap.BCCB(?,00000000,00000000,?,6F5367C0,0000004E,00000000,?,6F5883BE,?,?), ref: 6F513A2F
                                                                                  • RtlAppendUnicodeToString.BCCB(?,\REGISTRY\USER\,?,02000000,?,?,000000FA,00000001,?,00000050,?,?), ref: 6F50A443
                                                                                    • Part of subcall function 6F50A990: memmove.BCCB(00000000,00000050,00000052,?,?,00000000,?,?,6F50A448,?,\REGISTRY\USER\,?,02000000,?,?,000000FA), ref: 6F50A9E2
                                                                                  • RtlConvertSidToUnicodeString.BCCB(?,?,00000000,?,\REGISTRY\USER\,?,02000000,?,?,000000FA,00000001,?,00000050,?,?), ref: 6F50A469
                                                                                    • Part of subcall function 6F50A500: RtlValidSid.BCCB(00000050,?), ref: 6F50A523
                                                                                    • Part of subcall function 6F50A500: wcscpy_s.BCCB(?,00000100,S-1-,?,00000050,?), ref: 6F50A54A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: StringUnicode$Valid$AllocateAppendConvertFreeHeapInformationLengthQueryTokenmemmovewcscpy_s
                                                                                  • String ID: \REGISTRY\USER\
                                                                                  • API String ID: 3017593230-2169711131
                                                                                  • Opcode ID: ca3e6425ba65c5bd33ddb41e6d352438c64005ff9c27141b42d5aad10f6828a5
                                                                                  • Instruction ID: 08813c156c39a5f0995f2610d413af95e7623af4598faaa95c1228325eddd9a9
                                                                                  • Opcode Fuzzy Hash: ca3e6425ba65c5bd33ddb41e6d352438c64005ff9c27141b42d5aad10f6828a5
                                                                                  • Instruction Fuzzy Hash: 45219F35A00A58AADB11EFA8C901EAEB3F8AF49304F11453AA955EB180EB34ED04C755
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F9240, Relevance: 10.6, APIs: 7, Instructions: 63memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwClose.BCCB(00000000,6F5CF708,0000000C,6F4F9219), ref: 6F4F925A
                                                                                  • ZwClose.BCCB(00000000,6F5CF708,0000000C,6F4F9219), ref: 6F4F9279
                                                                                  • RtlFreeHeap.BCCB(?,?,?,00000000,6F5CF708,0000000C,6F4F9219), ref: 6F4F9295
                                                                                  • RtlFreeHeap.BCCB(?,?,00000000,?,?,?,00000000,6F5CF708,0000000C,6F4F9219), ref: 6F4F92B1
                                                                                  • RtlFreeHeap.BCCB(?,?,?,?,?,00000000,?,?,?,00000000,6F5CF708,0000000C,6F4F9219), ref: 6F4F92CD
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E86B4,?,?,?,?,?,00000000,?,?,?,00000000,6F5CF708,0000000C,6F4F9219), ref: 6F4F92D7
                                                                                  • RtlFreeHeap.BCCB(?,?,?,6F5E86B4,?,?,?,?,?,00000000,?,?,?,00000000,6F5CF708,0000000C), ref: 6F4F931A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: FreeHeap$Close$AcquireExclusiveLock
                                                                                  • String ID:
                                                                                  • API String ID: 3557490396-0
                                                                                  • Opcode ID: 54c65b5405b2b91fbb5f13887e4e172c6b99b9b639a52747c98c49cfc6ecce3e
                                                                                  • Instruction ID: 30eab580b7947c353e822e348ff200985f917266532b66737d585d44f69fe39f
                                                                                  • Opcode Fuzzy Hash: 54c65b5405b2b91fbb5f13887e4e172c6b99b9b639a52747c98c49cfc6ecce3e
                                                                                  • Instruction Fuzzy Hash: 97213472041A00DFD722DF28CA40F4AB7F9EF88318F054568A01A86AA1DB39ED56CB44
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5C3E22, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 62nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwTraceControl.BCCB(0000001A,8S^o,00000008,00000000,00000000,?,6F5E5338,00000000,6F5E5320,6F5E5320,6F5E5338,?,6F5E84E0,?,00000001,6F4D5C80), ref: 6F5C3E5D
                                                                                  • RtlNtStatusToDosError.BCCB(00000000,0000001A,8S^o,00000008,00000000,00000000,?,6F5E5338,00000000,6F5E5320,6F5E5320,6F5E5338,?,6F5E84E0,?,00000001), ref: 6F5C3E6B
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E8504,00000000,0000001A,8S^o,00000008,00000000,00000000,?,6F5E5338,00000000,6F5E5320,6F5E5320,6F5E5338,?,6F5E84E0), ref: 6F5C3E7A
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E8504,6F5E8504,00000000,0000001A,8S^o,00000008,00000000,00000000,?,6F5E5338,00000000,6F5E5320,6F5E5320,6F5E5338,?,6F5E84E0), ref: 6F5C3EA1
                                                                                  • RtlSetLastWin32Error.BCCB(00000006,6F5E5338,00000000,6F5E5320,6F5E5320,6F5E5338,?,6F5E84E0,?,00000001,6F4D5C80,6F4F591B), ref: 6F5C3EAC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ErrorExclusiveLock$AcquireControlLastReleaseStatusTraceWin32
                                                                                  • String ID: 8S^o
                                                                                  • API String ID: 1422652320-2199163816
                                                                                  • Opcode ID: 4432acbf776db7bb468a2331a5d17acb80e0beae40a0a36093045e08c78704bc
                                                                                  • Instruction ID: 1d24b7b4bd8a5d8cdd621f62b9edad520ea9eae761354ab6bfea34fdb9c344fd
                                                                                  • Opcode Fuzzy Hash: 4432acbf776db7bb468a2331a5d17acb80e0beae40a0a36093045e08c78704bc
                                                                                  • Instruction Fuzzy Hash: 7F110A72A0021866CB10DFA9C881F9F7FB8EF89754F414179ED089B180DB34DD0687E1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5C2EF7, Relevance: 9.2, APIs: 6, Instructions: 183timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • _allshl.BCCB(?,00000000,00000000,00000000,?,?,?,?,6F5BB632,?,00000000), ref: 6F5C303C
                                                                                  • _allshl.BCCB(?,00000000,00000000,00000000,?,?,?,?,6F5BB632,?,00000000), ref: 6F5C3049
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,00000000,00000000,00000000,?,?,?,?,6F5BB632,?,00000000), ref: 6F5C305E
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,?,?,00000000,00000000,00000000,?,?,?), ref: 6F5C3081
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,?,?,00000000,00000000,00000000,?,?,?), ref: 6F5C30AF
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?), ref: 6F5C30DB
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: DebugExclusiveLockPrintTimes_allshl$AcquireRelease
                                                                                  • String ID:
                                                                                  • API String ID: 4236268356-0
                                                                                  • Opcode ID: b0ee78b0b251bca26ba6783a717512dfca93d6f696802040ed46bc92bc856850
                                                                                  • Instruction ID: f212f46a81f4faf78eb0da05817bc9f6ca33807d73eb4a5f07f32cfa910c0fd3
                                                                                  • Opcode Fuzzy Hash: b0ee78b0b251bca26ba6783a717512dfca93d6f696802040ed46bc92bc856850
                                                                                  • Instruction Fuzzy Hash: 805139326042658FC704DF69C85156ABBE5FFC9321B06867EE895DB281DB34EC11CBD1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4FB171, Relevance: 9.2, APIs: 6, Instructions: 166nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwQueryDebugFilterState.BCCB(?,6F53B627,6F5CF7A8,00000090,6F4FB16E,00000003,6F53B627,0000000A,00000001,00000000,0000000A,6F53B627,Invalid parameter passed to C runtime function.), ref: 6F4FB1C4
                                                                                  • _alloca_probe_16.BCCB(6F5CF7A8,00000090,6F4FB16E,00000003,6F53B627,0000000A,00000001,00000000,0000000A,6F53B627,Invalid parameter passed to C runtime function.), ref: 6F554835
                                                                                  • memcpy.BCCB(?,?,?,6F5CF7A8,00000090,6F4FB16E,00000003,6F53B627,0000000A,00000001,00000000,0000000A,6F53B627), ref: 6F554866
                                                                                  • _vsnprintf.BCCB(?,-00000081,?,?,0000000A,6F53B627), ref: 6F5548AD
                                                                                  • ZwWow64DebuggerCall.BCCB(00000001,00000000,7FFE02D4,?,6F53B627,6F5CF7A8,00000090,6F4FB16E,00000003,6F53B627,0000000A,00000001,00000000,0000000A,6F53B627,Invalid parameter passed to C runtime function.), ref: 6F554986
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CallDebugDebuggerFilterQueryStateWow64_alloca_probe_16_vsnprintfmemcpy
                                                                                  • String ID:
                                                                                  • API String ID: 1346858437-0
                                                                                  • Opcode ID: 214dcc7c72b372f9a96552a87130747328bd0aaa1e9810ef1079c5bfe6f5e192
                                                                                  • Instruction ID: ee5b9be1c1feede918b2f5d781fa4f18160cc6afa16ea206f6346d29db30a99d
                                                                                  • Opcode Fuzzy Hash: 214dcc7c72b372f9a96552a87130747328bd0aaa1e9810ef1079c5bfe6f5e192
                                                                                  • Instruction Fuzzy Hash: EA510171D042698FEB20CF78C961BAEBBB1BF41314F1142BEE858AF281D3305D618B90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F500100, Relevance: 9.1, APIs: 6, Instructions: 122nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E861C,6F5CF848,0000001C,6F4FF66C,?,00000000,6F5E52D8), ref: 6F500120
                                                                                  • ZwUnmapViewOfSection.BCCB(000000FF,?,6F5E861C,6F5CF848,0000001C,6F4FF66C,?,00000000,6F5E52D8), ref: 6F5001AF
                                                                                  • ZwClose.BCCB(?,000000FF,?,6F5E861C,6F5CF848,0000001C,6F4FF66C,?,00000000,6F5E52D8), ref: 6F5001BD
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AcquireCloseExclusiveLockSectionUnmapView
                                                                                  • String ID:
                                                                                  • API String ID: 1629747488-0
                                                                                  • Opcode ID: 8fbd76907bf3ff295a24ab177197403303c25d1797f2e334ef96ce8ba78aa210
                                                                                  • Instruction ID: ad2e25f1e44882599608968c65a544bdaed259aef4e742978990b3f2310daa2c
                                                                                  • Opcode Fuzzy Hash: 8fbd76907bf3ff295a24ab177197403303c25d1797f2e334ef96ce8ba78aa210
                                                                                  • Instruction Fuzzy Hash: 25419A31949705CFCF41DF68CA807EA7BB0BF46364F450636D8206B292D334AD62CBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F575623, Relevance: 9.1, APIs: 6, Instructions: 99COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(00000000,00000002,?,6F56E4BC,6F5D03D0,0000000C,6F569687,00000000,00000000,00000001,?,?,7FFE0386,?,6F4F6778,00000001), ref: 6F575628
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6F575661
                                                                                  • RtlTryEnterCriticalSection.BCCB(6F5E5350,00000000,00000002,?,6F56E4BC,6F5D03D0,0000000C,6F569687,00000000,00000000,00000001,?,?,7FFE0386,?,6F4F6778), ref: 6F57569B
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(6F5E5350,00000000,00000002,?,6F56E4BC,6F5D03D0,0000000C,6F569687,00000000,00000000,00000001,?,?,7FFE0386,?,6F4F6778), ref: 6F5756A2
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6F5756D2
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6F57572F
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentServiceSession$CriticalEnterSection
                                                                                  • String ID:
                                                                                  • API String ID: 1555030633-0
                                                                                  • Opcode ID: 8412ffecce1f95c76e2e966c7052fb458d3a456f8361a9df6231cadb865c3100
                                                                                  • Instruction ID: c00b1a76c60504bcba2d9510e741081bf416d83dd2e7a4427fdf3986d9434ea4
                                                                                  • Opcode Fuzzy Hash: 8412ffecce1f95c76e2e966c7052fb458d3a456f8361a9df6231cadb865c3100
                                                                                  • Instruction Fuzzy Hash: 6E3163316457819BF732876CDD48B5537D4EB42BA4F2507B1E9309B6E2DF68AC01C610
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5BA189, Relevance: 9.1, APIs: 6, Instructions: 96nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E6220,00000000,?,?,?), ref: 6F5BA1AE
                                                                                  • ZwGetNlsSectionPtr.BCCB(0000000C,?,00000000,?,?,6F5E6220,00000000,?,?,?), ref: 6F5BA1E8
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E6220,?,00000000,00000000,?,0000000C,?,00000000,00000050,6F5E6220,00000000,?,?,?), ref: 6F5BA252
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireReleaseSection
                                                                                  • String ID:
                                                                                  • API String ID: 1496884002-0
                                                                                  • Opcode ID: dbef3e399f7348ac4ddb32e7067a45c6482d2fb95cb4ab94e9d4fe5313fe4059
                                                                                  • Instruction ID: 69962d14592c93534169f9fc5924f08781e79eb57102b2f44436fc1a05290e7c
                                                                                  • Opcode Fuzzy Hash: dbef3e399f7348ac4ddb32e7067a45c6482d2fb95cb4ab94e9d4fe5313fe4059
                                                                                  • Instruction Fuzzy Hash: 2C31C071A04705ABD711CFA8C960A6EBBB9AF86718F11007DE915EB280EB71DD018790
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4FF7C0, Relevance: 9.1, APIs: 6, Instructions: 64nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(00000058,00000000,00000000,00000000,?,6F5676A7,?,?,00000000,6F4D67CC,00000000,00000000,?,00000040), ref: 6F4FF7F5
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(00000058,00000058,00000000,00000000,00000000,?,6F5676A7,?,?,00000000,6F4D67CC,00000000,00000000,?,00000040), ref: 6F4FF860
                                                                                    • Part of subcall function 6F4FF8C8: RtlAcquireSRWLockExclusive.BCCB(6F5E86AC,00000058,?,00000030,6F4FF813,00000058,00000000,00000000,00000000,?,6F5676A7,?,?,00000000,6F4D67CC,00000000), ref: 6F4FF8D5
                                                                                    • Part of subcall function 6F4FF8C8: RtlRbRemoveNode.BCCB(6F5E86DC,00000030,6F5E86AC,00000058,?,00000030,6F4FF813,00000058,00000000,00000000,00000000,?,6F5676A7,?,?,00000000), ref: 6F4FF8E0
                                                                                    • Part of subcall function 6F4FF8C8: RtlReleaseSRWLockExclusive.BCCB(6F5E86AC,6F5E86DC,00000030,6F5E86AC,00000058,?,00000030,6F4FF813,00000058,00000000,00000000,00000000,?,6F5676A7,?,?), ref: 6F4FF8EE
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(00000058,00000058,00000000,00000000,00000000,?,6F5676A7,?,?,00000000,6F4D67CC,00000000,00000000,?,00000040), ref: 6F4FF814
                                                                                  • ZwClose.BCCB(?,00000058,00000058,00000000,00000000,00000000,?,6F5676A7,?,?,00000000,6F4D67CC,00000000,00000000,?,00000040), ref: 6F4FF82E
                                                                                  • RtlSetLastWin32Error.BCCB(00000006,00000000,00000000,00000000,?,6F5676A7,?,?,00000000,6F4D67CC,00000000,00000000,?,00000040), ref: 6F4FF867
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$Acquire$CloseErrorLastNodeRemoveWin32
                                                                                  • String ID:
                                                                                  • API String ID: 2169420607-0
                                                                                  • Opcode ID: f0752a30c7b33ce72f6ced88267528de2f9f0a202f502c874a5f96d983bc4094
                                                                                  • Instruction ID: 50d0163ed3d63eb9fa636230d4c9a7be01c12cff7bd8e43e71adc93063e9384c
                                                                                  • Opcode Fuzzy Hash: f0752a30c7b33ce72f6ced88267528de2f9f0a202f502c874a5f96d983bc4094
                                                                                  • Instruction Fuzzy Hash: AA11B63622320597DB01AF24C4C0FAA3765EFC1B34F400639DD185FA85DB20AC83E7A4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F581242, Relevance: 9.0, APIs: 6, Instructions: 31nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwUnmapViewOfSection.BCCB(000000FF,?,6F58122C,6F5D07D0,00000058,6F580C91,?,00000000,?,00000000,?,?,?,6F5AB56B,00000000,?), ref: 6F58124C
                                                                                  • ZwClose.BCCB(?,000000FF,?,6F58122C,6F5D07D0,00000058,6F580C91,?,00000000,?,00000000,?,?,?,6F5AB56B,00000000), ref: 6F58125A
                                                                                  • ZwClose.BCCB(?,000000FF,?,6F58122C,6F5D07D0,00000058,6F580C91,?,00000000,?,00000000,?,?,?,6F5AB56B,00000000), ref: 6F581267
                                                                                  • ZwClose.BCCB(?,6F58122C,6F5D07D0,00000058,6F580C91,?,00000000,?,00000000,?,?,?,6F5AB56B,00000000,?,00000000), ref: 6F581275
                                                                                  • ZwClose.BCCB(?,6F58122C,6F5D07D0,00000058,6F580C91,?,00000000,?,00000000,?,?,?,6F5AB56B,00000000,?,00000000), ref: 6F581286
                                                                                  • ZwClose.BCCB(?,6F58122C,6F5D07D0,00000058,6F580C91,?,00000000,?,00000000,?,?,?,6F5AB56B,00000000,?,00000000), ref: 6F581297
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Close$SectionUnmapView
                                                                                  • String ID:
                                                                                  • API String ID: 682624529-0
                                                                                  • Opcode ID: df9b40cab72dcffc0bbba800b8aff6860ab2831aacd6ae3e33e08911f29cf166
                                                                                  • Instruction ID: 6c69e6490bb9027966d62e381140abbd4ea68252311ef0bd6622a832695fd9a5
                                                                                  • Opcode Fuzzy Hash: df9b40cab72dcffc0bbba800b8aff6860ab2831aacd6ae3e33e08911f29cf166
                                                                                  • Instruction Fuzzy Hash: 09F059B6D0122CAADF059FB5D884BDDBB72AF90219F100139E032611E5EF755C91DB41
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F52D294, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 93memorynativefileCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwQueryAttributesFile.BCCB(?,?,?,?), ref: 6F52D313
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,?,?,?,?), ref: 6F52D330
                                                                                  • ZwClose.BCCB(00000000,?,?,?,?), ref: 6F56B001
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,00000000,?,?,?,?), ref: 6F56B011
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: FreeHeap$AttributesCloseFileQuery
                                                                                  • String ID: @
                                                                                  • API String ID: 2866988855-2766056989
                                                                                  • Opcode ID: cb67e9606db8488c1cde1aaeedb8dd3224b1c50e44622e04c47dd2a0ad6f0276
                                                                                  • Instruction ID: 6ebc3734179bddd73ef88f2227beb2dbbe837c25d9c80afad3f45e3f8f1275c6
                                                                                  • Opcode Fuzzy Hash: cb67e9606db8488c1cde1aaeedb8dd3224b1c50e44622e04c47dd2a0ad6f0276
                                                                                  • Instruction Fuzzy Hash: D9314BB65487059FD311CF28C980A9BFBE9AFD5754F000A3EB99483290D635DD05CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F51E090, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlWow64EnableFsRedirectionEx.BCCB(6F5E7B60,6F5E7B60,6F51DFDF,?,00000000,6F5E7B60,6F5CFE18,00000028), ref: 6F51E0A6
                                                                                  • RtlEnterCriticalSection.BCCB(6F5E7B60,6F51DFDF,?,00000000,6F5E7B60,6F5CFE18,00000028), ref: 6F51E0B7
                                                                                  • RtlLeaveCriticalSection.BCCB(6F5E7B60,6F5E7B60,6F51DFDF,?,00000000,6F5E7B60,6F5CFE18,00000028), ref: 6F51E0DC
                                                                                  • ZwSetEvent.BCCB(00000000,6F5E7B60,6F5E7B60,6F51DFDF,?,00000000,6F5E7B60,6F5CFE18,00000028), ref: 6F51E0EF
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnableEnterEventLeaveRedirectionWow64
                                                                                  • String ID: `{^o
                                                                                  • API String ID: 355146318-3153306557
                                                                                  • Opcode ID: 3dca536dbe608f037bcc764b2be711f13795d5fbdd222c74d2ef3bdc49e219f8
                                                                                  • Instruction ID: 17ddfc8fb940005ae90bc46d1dfd99043dce57a39f240b3fabc02f856b101405
                                                                                  • Opcode Fuzzy Hash: 3dca536dbe608f037bcc764b2be711f13795d5fbdd222c74d2ef3bdc49e219f8
                                                                                  • Instruction Fuzzy Hash: 2101D174C096489FFF01EA749940BCE7EB9AF46328F1101B5E01066A93E3357D80C761
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F51B944, Relevance: 7.7, APIs: 5, Instructions: 166nativetimeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT(00000000,?,00002710,00000000,?,?,?), ref: 6F51B9A5
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(00000000,?,00002710,00000000,?,?,?), ref: 6F51BA9C
                                                                                  • ZwSetTimer2.BCCB(00000000,?,00000000,?,00000000,?,00002710,00000000,?,?,?), ref: 6F51BAC6
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,?,?), ref: 6F51BAE9
                                                                                  • ZwCancelTimer2.BCCB(00000000,00000000,?,?,?), ref: 6F51BB03
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentServiceSessionTimer2$CancelUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID:
                                                                                  • API String ID: 1220516486-0
                                                                                  • Opcode ID: b58557bfc314ca5b2b1661005f26d8a289a5d62be74de1766a7b55e49c29daab
                                                                                  • Instruction ID: 28dff3789200f64747c86d9411819c5ad88a9d51a9e671d2183df18cfbbe0626
                                                                                  • Opcode Fuzzy Hash: b58557bfc314ca5b2b1661005f26d8a289a5d62be74de1766a7b55e49c29daab
                                                                                  • Instruction Fuzzy Hash: 22513371A08740EFE720EF29C18091ABBF5BB89714F148A6EE9959B354D731FC44CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F9100, Relevance: 7.6, APIs: 5, Instructions: 141nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,6F5CF6E8,0000002C,6F54E530,00000000,?,6F5D01C0,00000010,6F5C810C,00000000,00000000,00000000,00000000,6F5E86C4,6F5E86C4,00000008), ref: 6F4F9158
                                                                                  • ZwShutdownWorkerFactory.BCCB(?,?), ref: 6F4F9182
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6F4F91C0
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AcquireCurrentExclusiveFactoryLockServiceSessionShutdownWorker
                                                                                  • String ID:
                                                                                  • API String ID: 1345183298-0
                                                                                  • Opcode ID: 44adc1bcedb158f5f05c6f1003224cc47a8d7ee0f7c3f15039adae8200e6f27b
                                                                                  • Instruction ID: 27da677ee745de1392c70ae97aa5f8744d38e7a5cd00a5aa31de54e2c4faf605
                                                                                  • Opcode Fuzzy Hash: 44adc1bcedb158f5f05c6f1003224cc47a8d7ee0f7c3f15039adae8200e6f27b
                                                                                  • Instruction Fuzzy Hash: C351F471D066459BEB05CF68CA44F8DBBB2BFC5314F15423AC419A7A84D331AD42C792
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5819C8, Relevance: 7.6, APIs: 5, Instructions: 107nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwCreateSection.BCCB(?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6F581A54
                                                                                  • ZwMapViewOfSection.BCCB(?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?,?,00000004,08000000), ref: 6F581A74
                                                                                  • memset.BCCB(?,00000000,000000F0,?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?), ref: 6F581A88
                                                                                  • ZwUnmapViewOfSection.BCCB(000000FF,?,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6F581AB8
                                                                                  • ZwClose.BCCB(?,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6F581AC8
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Section$View$CloseCreateUnmapmemset
                                                                                  • String ID:
                                                                                  • API String ID: 788617167-0
                                                                                  • Opcode ID: 77c0bd51e630a667eaba0cead26d1e37344295029b98cca860612fa6308b154e
                                                                                  • Instruction ID: 8aa54f155c5fc20786a26bf0bb0af87f242cdf26b8b12f1a548df7c58bf2467b
                                                                                  • Opcode Fuzzy Hash: 77c0bd51e630a667eaba0cead26d1e37344295029b98cca860612fa6308b154e
                                                                                  • Instruction Fuzzy Hash: 0E310FB5E00269ABDB10CF99C840E9EFBF9AFD5714F14416AE920B7290D7715E40CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F3880, Relevance: 7.6, APIs: 5, Instructions: 97memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • TpSetWaitEx.BCCB(000000FF,?,00000000,00000000), ref: 6F4F38B7
                                                                                    • Part of subcall function 6F51ECE0: RtlAcquireSRWLockExclusive.BCCB(?,00000000,00000000), ref: 6F51ED2C
                                                                                    • Part of subcall function 6F51ECE0: RtlReleaseSRWLockExclusive.BCCB(?,00000000,00000000,?,00000000,00000000), ref: 6F51ED90
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,00001030,00000000,?,00000000,00000000,00000000,00001030,000000FF,?,00000000,00000000), ref: 6F4F38D1
                                                                                  • ZwGetCompleteWnfStateSubscription.BCCB(00000000,?,00000000,00000000,00000000,00001030,000000FF,?,00000000,00000000), ref: 6F4F38F0
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,?,?,00000000,00000000,00001030,?,00000000,00000000,00000000,00001030,000000FF,?), ref: 6F4F3914
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveHeapLock$AcquireAllocateCompleteFreeReleaseStateSubscriptionWait
                                                                                  • String ID:
                                                                                  • API String ID: 2233382-0
                                                                                  • Opcode ID: a657f5d93252c70eeab64b97da581b9a5a8a2400f7449e08db6bc3fd7b2c38fe
                                                                                  • Instruction ID: 414202a79805fdd4ef8557192c330565db0ea6bd62cdf7c7dfb8d4e477a055d4
                                                                                  • Opcode Fuzzy Hash: a657f5d93252c70eeab64b97da581b9a5a8a2400f7449e08db6bc3fd7b2c38fe
                                                                                  • Instruction Fuzzy Hash: A731A132D45619AFD720CEA9C941FAEBBF9EF85314F014576E828D7690D730AE018B91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F4A20, Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6F4F4A2A
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?), ref: 6F4F4AB3
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentFreeHeapServiceSession
                                                                                  • String ID:
                                                                                  • API String ID: 1159841122-0
                                                                                  • Opcode ID: 6b92ae284831e51c90ca94ee262fad7032f695842acd6652d0566db9d238e52c
                                                                                  • Instruction ID: d9a52861c3c15f15e865817daab1ffe0e0413cb3725b12b7b4d96048ecababe9
                                                                                  • Opcode Fuzzy Hash: 6b92ae284831e51c90ca94ee262fad7032f695842acd6652d0566db9d238e52c
                                                                                  • Instruction Fuzzy Hash: 4321B9315497019BC7219B68CA00F0677B6BFD1368F20473AE4594AAF0EB30BC53CB96
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4FF150, Relevance: 7.6, APIs: 5, Instructions: 59nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlFormatCurrentUserKeyPath.BCCB(?,02000000,?,00000000), ref: 6F4FF15F
                                                                                    • Part of subcall function 6F50A3E0: ZwQueryInformationToken.BCCB(000000FA,00000001,?,00000050,?,?), ref: 6F50A404
                                                                                    • Part of subcall function 6F50A3E0: RtlLengthSidAsUnicodeString.BCCB(?,?,000000FA,00000001,?,00000050,?,?), ref: 6F50A414
                                                                                    • Part of subcall function 6F50A3E0: RtlAppendUnicodeToString.BCCB(?,\REGISTRY\USER\,?,02000000,?,?,000000FA,00000001,?,00000050,?,?), ref: 6F50A443
                                                                                    • Part of subcall function 6F50A3E0: RtlConvertSidToUnicodeString.BCCB(?,?,00000000,?,\REGISTRY\USER\,?,02000000,?,?,000000FA,00000001,?,00000050,?,?), ref: 6F50A469
                                                                                  • RtlFreeUnicodeString.BCCB(?,?,?,?,?,02000000,?,00000000), ref: 6F4FF19D
                                                                                    • Part of subcall function 6F512400: RtlDeleteBoundaryDescriptor.BCCB(?,00000000,?,6F588405,?,?,?,00000018,00000000,00000000,00000000,00000001,?,?,00000001,?), ref: 6F512412
                                                                                  • ZwOpenKey.BCCB(?,?,?,?,02000000,?,00000000), ref: 6F4FF192
                                                                                    • Part of subcall function 6F539600: LdrInitializeThunk.NTDLL(6F531119,?,?,00000018,?), ref: 6F53960A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: StringUnicode$AppendBoundaryConvertCurrentDeleteDescriptorFormatFreeInformationInitializeLengthOpenPathQueryThunkTokenUser
                                                                                  • String ID:
                                                                                  • API String ID: 1101908438-0
                                                                                  • Opcode ID: caa34dd0de194c97e6e34c62d91ebdbf93db18661a1181ec247edfe5c767e2c1
                                                                                  • Instruction ID: ef5103d8ce675f9ac98ab9c057caec8bbbb7f9389174bddbacd3f8959f683fba
                                                                                  • Opcode Fuzzy Hash: caa34dd0de194c97e6e34c62d91ebdbf93db18661a1181ec247edfe5c767e2c1
                                                                                  • Instruction Fuzzy Hash: 2B11C6B2C0122DABDF11DF96C8848EFFFB9FB88364F004166E914A7240D7759A55CBA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4FA63B, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,?,?,-00000001,?,6F5212AD,?,00000000,?,6F54FC21,00000000,00000000), ref: 6F554314
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap
                                                                                  • String ID: @f^o
                                                                                  • API String ID: 1279760036-255802528
                                                                                  • Opcode ID: 5fa8c8ae579aa3a02e433cff8c7cd1531bab887244574f833225807f75198fc1
                                                                                  • Instruction ID: dd8fc5a9d7ad03a90b6ec0ecd8a178dda6a9084b7a959d48c51f90d6882e46f5
                                                                                  • Opcode Fuzzy Hash: 5fa8c8ae579aa3a02e433cff8c7cd1531bab887244574f833225807f75198fc1
                                                                                  • Instruction Fuzzy Hash: 3711E33B555E519BDB258F2CCA40AA133B6FB86BA9F520035E518EB7A0D7359C71C320
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F58176C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwOpenEvent.BCCB(00000568,00100001,?,?,00000000), ref: 6F5817B5
                                                                                  • ZwWaitForSingleObject.BCCB(00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6F5817E1
                                                                                  • ZwClose.BCCB(00000568,00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6F5817EB
                                                                                  Strings
                                                                                  • \KernelObjects\SystemErrorPortReady, xrefs: 6F58178B
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CloseEventObjectOpenSingleWait
                                                                                  • String ID: \KernelObjects\SystemErrorPortReady
                                                                                  • API String ID: 2739627308-2278496901
                                                                                  • Opcode ID: adc63f56f25342cc42778628bc7df8ebae969b829bb47e2168c3affb0ec78a56
                                                                                  • Instruction ID: a4f70abb79bb12bcb8786545335cbaf9e4f0174bf90a111680553229d5c118b6
                                                                                  • Opcode Fuzzy Hash: adc63f56f25342cc42778628bc7df8ebae969b829bb47e2168c3affb0ec78a56
                                                                                  • Instruction Fuzzy Hash: 8F113376D1022CAACB10CFA99841AEEFBB8EF85210F10416BE964F3290E7705E05CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F429E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51librarynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlInitUnicodeString.BCCB(?,\DllNXOptions,?,?,00000000), ref: 6F4F42C7
                                                                                    • Part of subcall function 6F530F48: ZwOpenKey.BCCB(?,?,00000018), ref: 6F531015
                                                                                  • ZwClose.BCCB(?,?,?,?,\DllNXOptions,?,?,00000000), ref: 6F55068E
                                                                                  • LdrQueryImageFileKeyOption.BCCB(?,?,00000004,?,00000004,?,?,?,00000000), ref: 6F5506A6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CloseFileImageInitOpenOptionQueryStringUnicode
                                                                                  • String ID: \DllNXOptions
                                                                                  • API String ID: 166309601-742623237
                                                                                  • Opcode ID: 69704d61bccd710f517385ec8ad068d6cb56136307a6c9dbcdba5a64140607d1
                                                                                  • Instruction ID: 5a3dae1c1c89f338f064d8d3438566c46a425fc44bc35eb7a725fe00b386dc8a
                                                                                  • Opcode Fuzzy Hash: 69704d61bccd710f517385ec8ad068d6cb56136307a6c9dbcdba5a64140607d1
                                                                                  • Instruction Fuzzy Hash: F201FC769046197BDB11D6589D00D9F776CEFC532CF1000B7EA08EB180DB309E1182E1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4FF4E3, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 15nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.BCCB(6F5E7B60,00000000,6F5008CF,?,?,?,?,?,?,6F550AF4,?), ref: 6F4FF4FC
                                                                                  • RtlLeaveCriticalSection.BCCB(6F5E7B60,6F5E7B60,00000000,6F5008CF,?,?,?,?,?,?,6F550AF4,?), ref: 6F4FF509
                                                                                  • ZwSetEvent.BCCB(00000000,6F5E7B60,6F5E7B60,00000000,6F5008CF,?,?,?,?,?,?,6F550AF4,?), ref: 6F4FF516
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterEventLeave
                                                                                  • String ID: `{^o
                                                                                  • API String ID: 3094578987-3153306557
                                                                                  • Opcode ID: 83fadd746a39c1ddc2b6602ab111c2bbd0085259da9c4ece7c3785049e7c61f8
                                                                                  • Instruction ID: f21c117c03d3507079573d18ea5dd9463b547a62a61a534c8c3e3766e70f76f8
                                                                                  • Opcode Fuzzy Hash: 83fadd746a39c1ddc2b6602ab111c2bbd0085259da9c4ece7c3785049e7c61f8
                                                                                  • Instruction Fuzzy Hash: C2D0A733A02735A7DB207724FD40FD43299AF41334F210870E540225C36B746C81469C
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5BB581, Relevance: 6.2, APIs: 4, Instructions: 163nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,6F54FC28), ref: 6F5BB6C4
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,?,6F54FC28), ref: 6F5BB6F0
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6F5BB726
                                                                                  • ZwTraceEvent.BCCB(?,00000402,00000004,?), ref: 6F5BB75E
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentServiceSession$EventTrace
                                                                                  • String ID:
                                                                                  • API String ID: 4061387822-0
                                                                                  • Opcode ID: c3cbaf75e96a942c05d33bee1ac159bd4f6947eaa3406ff68a53ee0540f5787d
                                                                                  • Instruction ID: ac2682eaf464e8ab84be7be45822e20e2e889e1b0104510bf60929ac07823830
                                                                                  • Opcode Fuzzy Hash: c3cbaf75e96a942c05d33bee1ac159bd4f6947eaa3406ff68a53ee0540f5787d
                                                                                  • Instruction Fuzzy Hash: AD51F531608B46AFD301DF68C5E1BA6B7E0BF81304F14097DA8558B2D1EBB1EC05C792
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F1AA0, Relevance: 6.1, APIs: 4, Instructions: 123memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlReAllocateHeap.BCCB(?,00000008,00000000,?,00000000,?,?,00000000,C0000017), ref: 6F4F1B1E
                                                                                  • ZwAllocateVirtualMemory.BCCB(000000FF,?,00000000,?,00002000,00000004,00000000,?,?,00000000,C0000017,?,?,6F4F16E0), ref: 6F4F1B83
                                                                                  • ZwAllocateVirtualMemory.BCCB(000000FF,6F4F16E0,00000000,C0000017,00001000,00000004,00000000,?,?,00000000,C0000017,?,?,6F4F16E0), ref: 6F4F1BBD
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,?,00000000,?,?,00000000,C0000017), ref: 6F4F1BD8
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Allocate$HeapMemoryVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 1343662020-0
                                                                                  • Opcode ID: ff884249f956a76cbe8466050f7d8afdfb7191b031ec1569717d03b17d0e24ed
                                                                                  • Instruction ID: 9aa8411ede4185661afdf89d5d950b1a0eb2ec958f496d32b9256684fa5b0088
                                                                                  • Opcode Fuzzy Hash: ff884249f956a76cbe8466050f7d8afdfb7191b031ec1569717d03b17d0e24ed
                                                                                  • Instruction Fuzzy Hash: 50413EB1A05605EFD724CFA9C980E9AB7F5FF88300B50456EE55ADB650E730EA05CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4FF018, Relevance: 6.1, APIs: 4, Instructions: 95memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,?,?,00000000,?), ref: 6F4FF05B
                                                                                  • ZwQueryValueKey.BCCB(?,?,00000002,00000000,?,00000000,?,00000008,?,?,00000000,?), ref: 6F4FF07A
                                                                                  • memcpy.BCCB(00000000,0000000C,?,?,?,00000002,00000000,?,00000000,?,00000008,?,?,00000000,?), ref: 6F4FF0AB
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,?,00000002,00000000,?,00000000,?,00000008,?,?,00000000,?), ref: 6F4FF0CB
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$AllocateFreeQueryValuememcpy
                                                                                  • String ID:
                                                                                  • API String ID: 125101864-0
                                                                                  • Opcode ID: 505cdb4590f4c2fa0a685607fb8905ed14938dcd0161c7b296e56ef626f41d17
                                                                                  • Instruction ID: 1afc849b077d00ade65b2d071407a1c4886e9476408385ca72767a395b001586
                                                                                  • Opcode Fuzzy Hash: 505cdb4590f4c2fa0a685607fb8905ed14938dcd0161c7b296e56ef626f41d17
                                                                                  • Instruction Fuzzy Hash: C031D432A03604AFE711CE58C980F9A73B9EBC5764F11822AED18DB740D734ED42CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F6730, Relevance: 6.1, APIs: 4, Instructions: 92timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6F4F674F
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(00000001), ref: 6F4F677C
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,?,00000001), ref: 6F4F67B1
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6F4F67B9
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentServiceSession$DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 286911700-0
                                                                                  • Opcode ID: cced2aa441426769f6e4836b0abfd8fba0c7b362a11ac9bbec604ef675f4470b
                                                                                  • Instruction ID: 5dd917ad0c5412c9c935ff9eafd6833713a5879e654e069865fcee2263b1e1a8
                                                                                  • Opcode Fuzzy Hash: cced2aa441426769f6e4836b0abfd8fba0c7b362a11ac9bbec604ef675f4470b
                                                                                  • Instruction Fuzzy Hash: 29316E35619A05AFD702DF68DA54A8ABBA2FF86714F405126E8054BE90D735FC31CB82
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F521DB5, Relevance: 6.1, APIs: 4, Instructions: 87COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlQueryInformationActivationContext.BCCB(-40000003,?,00000000,00000006,00000000,00000000,00000000,00000000,?,?,?,00000040,-00000054,00000000), ref: 6F521DF7
                                                                                  • RtlQueryInformationActivationContext.BCCB(-40000003,-00000054,00000000,00000006,00000000,00000000,00000000,-40000003,?,00000000,00000006,00000000,00000000,00000000,00000000,?), ref: 6F521E36
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ActivationContextInformationQuery
                                                                                  • String ID:
                                                                                  • API String ID: 2130846384-0
                                                                                  • Opcode ID: 39ad629a20701d3ed16c14f322ca06b3d590f6998de82038df02d262996ece3b
                                                                                  • Instruction ID: 1b80898304e1024aa91c3ca6224ab853e5b14cf5afbc539cb0aaea55f8d81ea1
                                                                                  • Opcode Fuzzy Hash: 39ad629a20701d3ed16c14f322ca06b3d590f6998de82038df02d262996ece3b
                                                                                  • Instruction Fuzzy Hash: 5021D131640208EFD710CF69CD80E9BBBFDEF85784F100166E904AB290D331AE01C7A0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F523B7A, Relevance: 6.1, APIs: 4, Instructions: 75memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6F523BB0
                                                                                  • ZwQuerySystemInformationEx.BCCB(0000006B,00000001,00000004,00000000,?,?,?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6F523BCF
                                                                                  • memset.BCCB(6F5643AB,00000000,?,0000006B,00000001,00000004,00000000,?,?,?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6F523BEA
                                                                                  • RtlFreeHeap.BCCB(?,?,00000000,0000006B,00000001,00000004,00000000,?,?,?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6F523C30
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$AllocateFreeInformationQuerySystemmemset
                                                                                  • String ID:
                                                                                  • API String ID: 21860560-0
                                                                                  • Opcode ID: becde7473ce77665703ddac5ca94af3846311e71ea50d54681959eb74796459e
                                                                                  • Instruction ID: 4573270c4c1b0b3ebd8848881dd4df1258d1ca312273e9cd1f8593302c08129c
                                                                                  • Opcode Fuzzy Hash: becde7473ce77665703ddac5ca94af3846311e71ea50d54681959eb74796459e
                                                                                  • Instruction Fuzzy Hash: 9F21BE72A00608AFDB05CF58CE81F9AB7B9FB41318F150179E908AB291D371AD158B90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5218B9, Relevance: 6.1, APIs: 4, Instructions: 75nativetimeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwCreateTimer2.BCCB(00000058,00000000,00000000,00000008,00100002,00000040,00000000,00000000), ref: 6F5218E6
                                                                                  • ZwCreateWaitCompletionPacket.BCCB(0000005C,00000001,00000000,00000058,00000000,00000000,00000008,00100002,00000040,00000000,00000000), ref: 6F5218F6
                                                                                  • ZwAssociateWaitCompletionPacket.BCCB(?,00000000,00000058,00000060,?,00000000,?,?,0000005C,00000001,00000000,00000058,00000000,00000000,00000008,00100002), ref: 6F521926
                                                                                  • ZwClose.BCCB(00000058,0000005C,00000001,00000000,00000058,00000000,00000000,00000008,00100002,00000040,00000000,00000000), ref: 6F565690
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CompletionCreatePacketWait$AssociateCloseTimer2
                                                                                  • String ID:
                                                                                  • API String ID: 56835937-0
                                                                                  • Opcode ID: 741d9dd5a09678a4792a0933b1074370a1f7ee6f957733c3121cb0ea03ecc2f6
                                                                                  • Instruction ID: d870219f5c01ff7fcb19c362276abf7fb1ae8fcf8f55bf48031807077c665fbc
                                                                                  • Opcode Fuzzy Hash: 741d9dd5a09678a4792a0933b1074370a1f7ee6f957733c3121cb0ea03ecc2f6
                                                                                  • Instruction Fuzzy Hash: CB2162B190020AAFE700CF99C880E96BBF8FF89348F10856AE54497241D771ED56CFA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F586652, Relevance: 6.1, APIs: 4, Instructions: 74memorynativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwClose.BCCB(00000000,00000000,00000000,00000000,?,?,6F56B381,00000001,6F5E861C,6F5D0268,00000020,6F50BE44,?,00000000,?,00000001), ref: 6F58668C
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,?,00000000,00000000,00000000,?,?,6F56B381,00000001,6F5E861C,6F5D0268,00000020,6F50BE44,?,00000000), ref: 6F5866D0
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AllocateCloseHeap
                                                                                  • String ID:
                                                                                  • API String ID: 3565931908-0
                                                                                  • Opcode ID: 92a6ce1fd1af71a5d0c4f256061c8198df9d715751209826de04de00d4a19df4
                                                                                  • Instruction ID: e5cf556921b4d56d961f52f2592f31322b158d2934561470d2b336b50931bffb
                                                                                  • Opcode Fuzzy Hash: 92a6ce1fd1af71a5d0c4f256061c8198df9d715751209826de04de00d4a19df4
                                                                                  • Instruction Fuzzy Hash: B0216F72620B21ABD7118E699950795B765BF53378F010336EC3097AD1D772FCA0CAE2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F4DC0, Relevance: 6.1, APIs: 4, Instructions: 73nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlWakeAddressAllNoFence.BCCB(00000000), ref: 6F4F4DE8
                                                                                  • RtlRaiseStatus.BCCB(00000000,?,?,?,6F50EBD0,?,?,?,?,00000000,?,6F4F1E03,?,6F4F1D6E,?), ref: 6F4F4E04
                                                                                  • ZwAlpcQueryInformation.BCCB(?,0000000B,FFFFFFFE,00000004,00000000,00000000,000000FF,?,?,00000000,?,?,?,6F50EBD0,?,?), ref: 6F550B73
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AddressAlpcFenceInformationQueryRaiseStatusWake
                                                                                  • String ID:
                                                                                  • API String ID: 3812654406-0
                                                                                  • Opcode ID: 5d5570f8a10cb7a806a67cbbe6a9f52131e3c8302fa82ec5a631861a7e33764d
                                                                                  • Instruction ID: aceddf0d24e098d791952cc39b414830ab89dd729e06aaeb9dbdecbcb10b54bb
                                                                                  • Opcode Fuzzy Hash: 5d5570f8a10cb7a806a67cbbe6a9f52131e3c8302fa82ec5a631861a7e33764d
                                                                                  • Instruction Fuzzy Hash: 4F11C471601305ABE7148A34CD41F9B739DEFC5768F10052BA91A97AD0EF70EE0182E5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F533EE4, Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,00000028,?,?,6F558546), ref: 6F533F07
                                                                                  • RtlGetLocaleFileMappingAddress.BCCB(00000000,6F5E65D4,6F558546,?,00000008,00000028,?,?,6F558546), ref: 6F533F23
                                                                                    • Part of subcall function 6F533FA0: ZwInitializeNlsFiles.BCCB(00000028,00000008,?,?,?,00000000,?,6F533F28,00000000,6F5E65D4,6F558546,?,00000008,00000028,?), ref: 6F533FCD
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,6F5E65D4,6F558546,?,00000008,00000028,?,?,6F558546), ref: 6F56E7D3
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,00000000,6F5E65D4,6F558546,?,00000008,00000028,?,?,6F558546), ref: 6F56E7EB
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Heap$Free$AddressAllocateFileFilesInitializeLocaleMapping
                                                                                  • String ID:
                                                                                  • API String ID: 1831200515-0
                                                                                  • Opcode ID: fc896ce99a68047f04d40cbb58aca5d426a0e8ee7d5395a747e317d99a21fff3
                                                                                  • Instruction ID: 08a9f7dcb1e34a28073da7020b4d34a0470f319a7fda42f329bc6c195d69f576
                                                                                  • Opcode Fuzzy Hash: fc896ce99a68047f04d40cbb58aca5d426a0e8ee7d5395a747e317d99a21fff3
                                                                                  • Instruction Fuzzy Hash: E9219879601A009FC725DF28C901B52B7F5BF48708F2449B9A819CBB61E334EC42CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F588372, Relevance: 6.1, APIs: 4, Instructions: 72nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • ZwClose.BCCB(00000000,?,00000000,00000000), ref: 6F58839C
                                                                                  • RtlStringFromGUIDEx.BCCB(?,?,00000001,?,00000000,00000000), ref: 6F5883B9
                                                                                  • ZwCreateKey.BCCB(?,?,00000018,00000000,00000000,00000000,00000001,?,?,00000001,?,00000000,00000000), ref: 6F5883F5
                                                                                  • RtlFreeUnicodeString.BCCB(?,?,?,00000018,00000000,00000000,00000000,00000001,?,?,00000001,?,00000000,00000000), ref: 6F588400
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: String$CloseCreateFreeFromUnicode
                                                                                  • String ID:
                                                                                  • API String ID: 4294597832-0
                                                                                  • Opcode ID: d22fc0c28f524fb04ff990ab248f5f7edd499377191333f3924a1c9c0073fb95
                                                                                  • Instruction ID: d901fb9cc5912273a8b9a61cbcf859260bfbf4329f2e9a7ae0d5b3990057665d
                                                                                  • Opcode Fuzzy Hash: d22fc0c28f524fb04ff990ab248f5f7edd499377191333f3924a1c9c0073fb95
                                                                                  • Instruction Fuzzy Hash: 95213EB6D0162DABDB14DFA4C8859EFB7B9EB44314F10417AE910F7240EB71AD048BA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F519E, Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 6F4F52A5: RtlEnterCriticalSection.BCCB(6F5E79A0,?,?,00000000,?,?,?,6F4F51B4,?,?,?), ref: 6F4F52BF
                                                                                    • Part of subcall function 6F4F52A5: RtlLeaveCriticalSection.BCCB(6F5E79A0,6F5E79A0,?,?,00000000,?,?,?,6F4F51B4,?,?,?), ref: 6F4F52DD
                                                                                  • RtlEqualUnicodeString.BCCB(?,?,00000001,?,?,?), ref: 6F550CCB
                                                                                  • RtlLeaveCriticalSection.BCCB(6F5E79A0,?,?,?), ref: 6F550CE4
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$Leave$EnterEqualStringUnicode
                                                                                  • String ID:
                                                                                  • API String ID: 4283003422-0
                                                                                  • Opcode ID: 9ef77d0bf6951cbd112c52a21f9a1694eb91b894929613f5eb0c284d31154cd7
                                                                                  • Instruction ID: 6b46565d336cd14427e378cbde9cc9dbcca3cf4dacff21ff4b32476e0bc912c1
                                                                                  • Opcode Fuzzy Hash: 9ef77d0bf6951cbd112c52a21f9a1694eb91b894929613f5eb0c284d31154cd7
                                                                                  • Instruction Fuzzy Hash: 55112471D426029BCB209F2CC640AEABBE5AF86714F10427BE85997A84DB31FC42C650
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4FA745, Relevance: 6.0, APIs: 4, Instructions: 46memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,00000000,?,6F52DFD8,00000000,?,?,?,?,?,6F4F3DAD,?,00000000,6F5CF4D0,00000084), ref: 6F4FA757
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,00000000,?,6F52DFD8,00000000,?,?,?,?,?,6F4F3DAD,?,00000000,6F5CF4D0), ref: 6F4FA774
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,00000000,?,6F52DFD8,00000000,?,?,?,?,?,6F4F3DAD,?,00000000,6F5CF4D0), ref: 6F55442E
                                                                                  • RtlFreeHeap.BCCB(?,00000000,00000000,?,?,?,00000000,?,6F52DFD8,00000000,?,?,?,?,?,6F4F3DAD), ref: 6F55443F
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$AcquireFreeHeap
                                                                                  • String ID:
                                                                                  • API String ID: 2563869513-0
                                                                                  • Opcode ID: 77661d33cacd8ef5b4f2928e029d64c73e81aed306d5870a151a74da7f8f4d1a
                                                                                  • Instruction ID: adfddc43b2a4fff9c888fba30461161510c755c1fbf2ae82b7f2f95cdbc71128
                                                                                  • Opcode Fuzzy Hash: 77661d33cacd8ef5b4f2928e029d64c73e81aed306d5870a151a74da7f8f4d1a
                                                                                  • Instruction Fuzzy Hash: F701AD72185B01DBD310DB2DDD00E56B7A9FF82329B09827AE4188B691DA34EC66CBD5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F530E21, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,00000618,?,?), ref: 6F530EDA
                                                                                  • RtlRaiseException.BCCB ref: 6F56CC58
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AllocateExceptionHeapRaise
                                                                                  • String ID: Flst
                                                                                  • API String ID: 3789339297-2374792617
                                                                                  • Opcode ID: 7192b031886cfcbac44023c7a4cca975a382e66a3529aae7706a590f750f56ad
                                                                                  • Instruction ID: 53720507cb35bf914c933fdb55d6ee3bc3c8b65fce5d0fa8841896454838a675
                                                                                  • Opcode Fuzzy Hash: 7192b031886cfcbac44023c7a4cca975a382e66a3529aae7706a590f750f56ad
                                                                                  • Instruction Fuzzy Hash: E64189B2A09311CFD704CF28C580656FBE0EB89B18F10867EE469CB291E731DC85CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F66D4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46nativeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlInitUnicodeString.BCCB(?,UBR,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6F4F66F5
                                                                                  • ZwQueryValueKey.BCCB(?,?,00000002,?,00000014,?,?,UBR,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6F4F670B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: InitQueryStringUnicodeValue
                                                                                  • String ID: UBR
                                                                                  • API String ID: 3766860702-3525060630
                                                                                  • Opcode ID: ebbe530697c014cc163812b63f5bb144104b42a1174ffaec5bc4250acbf0d54d
                                                                                  • Instruction ID: fb0967ab19050526059565acc8b6aa45dec0b95fc032438d93f183f1c66a25e0
                                                                                  • Opcode Fuzzy Hash: ebbe530697c014cc163812b63f5bb144104b42a1174ffaec5bc4250acbf0d54d
                                                                                  • Instruction Fuzzy Hash: 10011A72A0521DABDB00DE99C9019EEB7FCEB89714F100177E905A7140E731AE558BA2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5A8DF1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrintEx.BCCB(00000065,00000000,Critical error detected %lx,?,6F5D0D50,00000074,6F5B20A2,?,?,6F5AFFAF,00000001,00000020,6F5E58C0,00000000), ref: 6F5A8E2A
                                                                                  • RtlRaiseException.BCCB(?), ref: 6F5A8E74
                                                                                  Strings
                                                                                  • Critical error detected %lx, xrefs: 6F5A8E21
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExceptionPrintRaise
                                                                                  • String ID: Critical error detected %lx
                                                                                  • API String ID: 1813208005-802127002
                                                                                  • Opcode ID: 59d1b1dc98d8e9de2e1c896e1c38cf085204b529a78aa45be68250193990a8d4
                                                                                  • Instruction ID: a7e68c9a4fed8906b2e1f1038bde477b9069c7c1b14b90b6b12af459269ebe04
                                                                                  • Opcode Fuzzy Hash: 59d1b1dc98d8e9de2e1c896e1c38cf085204b529a78aa45be68250193990a8d4
                                                                                  • Instruction Fuzzy Hash: CA115771D19388EADF24CFA885057DCBBB1BB45315F20826EE569AB382D3361E12CF15
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5AB260, Relevance: 91.3, APIs: 22, Strings: 30, Instructions: 262COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrintEx.BCCB(00000065,00000000, *** Unhandled exception 0x%08lx, hit in %ws:%s,?,<unknown>,?,6F5D0DD8,00000018,6F5AB5A3,?,6F4D48A4,?,?,6F53B74A,6F4D1650,6F53B627), ref: 6F5AB2E6
                                                                                  • DbgPrintEx.BCCB(00000065,00000000, *** A stack buffer overrun occurred in %ws:%s,<unknown>,?,6F5D0DD8,00000018,6F5AB5A3,?,6F4D48A4,?,?,6F53B74A,6F4D1650,6F53B627,6F53B627), ref: 6F5AB2FD
                                                                                  • DbgPrintEx.BCCB(00000065,00000000,This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.), ref: 6F5AB30C
                                                                                  • DbgPrintEx.BCCB(00000065,00000000,If this bug ends up in the shipping product, it could be a severe security hole.), ref: 6F5AB31B
                                                                                  • DbgPrintEx.BCCB(00000065,00000000,a NULL pointer), ref: 6F5AB4E7
                                                                                  • DbgPrintEx.BCCB(00000065,00000000, *** enter .exr %p for the exception record,?), ref: 6F5AB4F8
                                                                                  • DbgPrintEx.BCCB(00000065,00000000, *** enter .cxr %p for the context,?), ref: 6F5AB514
                                                                                  • DbgPrintEx.BCCB(00000065,00000000, *** then kb to get the faulting stack), ref: 6F5AB523
                                                                                  • DbgPrintEx.BCCB(00000065,00000000, *** Restarting wait on critsec or resource at %p (in %ws:%s),?,?,?), ref: 6F5AB546
                                                                                  • RtlReportException.BCCB(00000000,?,00000000), ref: 6F5AB566
                                                                                  Strings
                                                                                  • write to, xrefs: 6F5AB4A6
                                                                                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 6F5AB323
                                                                                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 6F5AB2F3
                                                                                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 6F5AB39B
                                                                                  • The resource is owned shared by %d threads, xrefs: 6F5AB37E
                                                                                  • The resource is owned exclusively by thread %p, xrefs: 6F5AB374
                                                                                  • read from, xrefs: 6F5AB4AD, 6F5AB4B2
                                                                                  • *** enter .exr %p for the exception record, xrefs: 6F5AB4F1
                                                                                  • *** then kb to get the faulting stack, xrefs: 6F5AB51C
                                                                                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 6F5AB305
                                                                                  • *** Resource timeout (%p) in %ws:%s, xrefs: 6F5AB352
                                                                                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 6F5AB53F
                                                                                  • This failed because of error %Ix., xrefs: 6F5AB446
                                                                                  • a NULL pointer, xrefs: 6F5AB4E0
                                                                                  • Go determine why that thread has not released the critical section., xrefs: 6F5AB3C5
                                                                                  • *** enter .cxr %p for the context, xrefs: 6F5AB50D
                                                                                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 6F5AB3D6
                                                                                  • *** Inpage error in %ws:%s, xrefs: 6F5AB418
                                                                                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 6F5AB47D
                                                                                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 6F5AB38F
                                                                                  • The instruction at %p referenced memory at %p., xrefs: 6F5AB432
                                                                                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 6F5AB476
                                                                                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 6F5AB314
                                                                                  • an invalid address, %p, xrefs: 6F5AB4CF
                                                                                  • <unknown>, xrefs: 6F5AB27E, 6F5AB2D1, 6F5AB350, 6F5AB399, 6F5AB417, 6F5AB48E
                                                                                  • *** An Access Violation occurred in %ws:%s, xrefs: 6F5AB48F
                                                                                  • The instruction at %p tried to %s , xrefs: 6F5AB4B6
                                                                                  • The critical section is owned by thread %p., xrefs: 6F5AB3B9
                                                                                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 6F5AB484
                                                                                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 6F5AB2DC
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$ExceptionReport
                                                                                  • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                  • API String ID: 374826753-108210295
                                                                                  • Opcode ID: 0d0bfcdf92a4ffae7173c77d8339baad29acaf1f12b9326d45a2bf0775e1251e
                                                                                  • Instruction ID: ca0b325957a33dd81604167cc72430fc6bc9821f2c18fce5c856464e95449108
                                                                                  • Opcode Fuzzy Hash: 0d0bfcdf92a4ffae7173c77d8339baad29acaf1f12b9326d45a2bf0775e1251e
                                                                                  • Instruction Fuzzy Hash: 1A810175900624FFDB11AA198C84EAF3B37AF8A3A6F414065F0156B552E3339D61CBB2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5B1C06, Relevance: 80.7, APIs: 21, Strings: 25, Instructions: 195COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 44%
                                                                                  			E6F5B1C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x6f4d48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E6F4FB150();
				} else {
					E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x6f5e589c);
				E6F4FB150("Heap error detected at %p (heap handle %p)\n",  *0x6f5e58a0);
				_t27 =  *0x6f5e5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M6F5B1E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E6F4FB150();
				} else {
					E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E6F4FB150("Error code: %d - %s\n",  *0x6f5e5898);
				_t113 =  *0x6f5e58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6F4FB150();
					} else {
						E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6F4FB150("Parameter1: %p\n",  *0x6f5e58a4);
				}
				_t115 =  *0x6f5e58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6F4FB150();
					} else {
						E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6F4FB150("Parameter2: %p\n",  *0x6f5e58a8);
				}
				_t117 =  *0x6f5e58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6F4FB150();
					} else {
						E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6F4FB150("Parameter3: %p\n",  *0x6f5e58ac);
				}
				_t119 =  *0x6f5e58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6F4FB150();
					} else {
						E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x6f5e58b4);
					E6F4FB150("Last known valid blocks: before - %p, after - %p\n",  *0x6f5e58b0);
				} else {
					_t120 =  *0x6f5e58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E6F4FB150();
				} else {
					E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E6F4FB150("Stack trace available at %p\n", 0x6f5e58c0);
			}











                                                                                  0x6f5b1c10
                                                                                  0x6f5b1c16
                                                                                  0x6f5b1c1e
                                                                                  0x6f5b1c3d
                                                                                  0x6f5b1c3e
                                                                                  0x6f5b1c20
                                                                                  0x6f5b1c35
                                                                                  0x6f5b1c3a
                                                                                  0x6f5b1c44
                                                                                  0x6f5b1c55
                                                                                  0x6f5b1c5a
                                                                                  0x6f5b1c65
                                                                                  0x6f5b1c67
                                                                                  0x00000000
                                                                                  0x6f5b1c6e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5b1c67
                                                                                  0x6f5b1cdc
                                                                                  0x6f5b1ce5
                                                                                  0x6f5b1d04
                                                                                  0x6f5b1d05
                                                                                  0x6f5b1ce7
                                                                                  0x6f5b1cfc
                                                                                  0x6f5b1d01
                                                                                  0x6f5b1d0b
                                                                                  0x6f5b1d17
                                                                                  0x6f5b1d1f
                                                                                  0x6f5b1d25
                                                                                  0x6f5b1d30
                                                                                  0x6f5b1d4f
                                                                                  0x6f5b1d50
                                                                                  0x6f5b1d32
                                                                                  0x6f5b1d47
                                                                                  0x6f5b1d4c
                                                                                  0x6f5b1d61
                                                                                  0x6f5b1d67
                                                                                  0x6f5b1d68
                                                                                  0x6f5b1d6e
                                                                                  0x6f5b1d79
                                                                                  0x6f5b1d98
                                                                                  0x6f5b1d99
                                                                                  0x6f5b1d7b
                                                                                  0x6f5b1d90
                                                                                  0x6f5b1d95
                                                                                  0x6f5b1daa
                                                                                  0x6f5b1db0
                                                                                  0x6f5b1db1
                                                                                  0x6f5b1db7
                                                                                  0x6f5b1dc2
                                                                                  0x6f5b1de1
                                                                                  0x6f5b1de2
                                                                                  0x6f5b1dc4
                                                                                  0x6f5b1dd9
                                                                                  0x6f5b1dde
                                                                                  0x6f5b1df3
                                                                                  0x6f5b1df9
                                                                                  0x6f5b1dfa
                                                                                  0x6f5b1e00
                                                                                  0x6f5b1e0a
                                                                                  0x6f5b1e13
                                                                                  0x6f5b1e32
                                                                                  0x6f5b1e33
                                                                                  0x6f5b1e15
                                                                                  0x6f5b1e2a
                                                                                  0x6f5b1e2f
                                                                                  0x6f5b1e39
                                                                                  0x6f5b1e4a
                                                                                  0x6f5b1e02
                                                                                  0x6f5b1e02
                                                                                  0x6f5b1e08
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5b1e08
                                                                                  0x6f5b1e5b
                                                                                  0x6f5b1e7a
                                                                                  0x6f5b1e7b
                                                                                  0x6f5b1e5d
                                                                                  0x6f5b1e72
                                                                                  0x6f5b1e77
                                                                                  0x6f5b1e95

                                                                                  APIs
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,?,00000002,6F5E58C0,6F5B20B1,?,6F5AFFAF,00000001,00000020,6F5E58C0,00000000), ref: 6F5B1C35
                                                                                  • DbgPrint.BCCB(HEAP: ,?,00000002,6F5E58C0,6F5B20B1,?,6F5AFFAF,00000001,00000020,6F5E58C0,00000000), ref: 6F5B1C3E
                                                                                  • DbgPrint.BCCB(Heap error detected at %p (heap handle %p),?,00000002,6F5E58C0,6F5B20B1,?,6F5AFFAF,00000001,00000020,6F5E58C0,00000000), ref: 6F5B1C55
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,00000020,6F5E58C0,00000000), ref: 6F5B1CFC
                                                                                  • DbgPrint.BCCB(HEAP: ,00000020,6F5E58C0,00000000), ref: 6F5B1D05
                                                                                  • DbgPrint.BCCB(Error code: %d - %s,6F4D48A4,00000020,6F5E58C0,00000000), ref: 6F5B1D17
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1D47
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1D50
                                                                                  • DbgPrint.BCCB(Parameter1: %p,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1D61
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1D90
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1D99
                                                                                  • DbgPrint.BCCB(Parameter2: %p,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1DAA
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1DD9
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1DE2
                                                                                  • DbgPrint.BCCB(Parameter3: %p,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1DF3
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1E2A
                                                                                  • DbgPrint.BCCB(HEAP: ,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1E33
                                                                                  • DbgPrint.BCCB(Last known valid blocks: before - %p, after - %p,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1E4A
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,?,?,?,?,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1E72
                                                                                  • DbgPrint.BCCB(Stack trace available at %p,6F5E58C0,?,?,?,?,?,?,?,6F5E58C0,00000000), ref: 6F5B1E8B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                  • API String ID: 3558298466-2897834094
                                                                                  • Opcode ID: 348bd33363167603a899738d1559693f74ce6c04e5626904f5215b5a568855ab
                                                                                  • Instruction ID: 18e07d736676d5d63beb8f210dad8c97060fdb454e5a599cdc5031025c39d383
                                                                                  • Opcode Fuzzy Hash: 348bd33363167603a899738d1559693f74ce6c04e5626904f5215b5a568855ab
                                                                                  • Instruction Fuzzy Hash: 5061E433816585DFD785CBA8C6A9D2073A4EB077B5B27843EF40C9BB82C7309C418B4A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F6CA0, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 243COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 89%
                                                                                  			E6F4F6CA0(intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12, short* _a16) {
				char _v5;
				char _v6;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr* _t51;
				void* _t52;
				signed int _t54;
				signed short _t58;
				signed short _t59;
				void* _t60;
				signed short _t61;
				signed short _t62;
				signed short _t63;
				signed short _t69;
				signed short _t73;
				signed short _t74;
				signed short _t75;
				signed int _t82;
				intOrPtr _t83;
				signed short _t84;
				signed short _t86;
				signed short _t87;
				signed int _t88;
				void* _t92;
				signed int _t97;
				short _t98;
				signed short _t99;
				signed short _t101;
				signed short _t102;
				char _t103;
				void* _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;
				void* _t113;
				void* _t114;
				signed int _t118;
				intOrPtr* _t122;
				void* _t123;
				void* _t125;
				signed int _t127;
				signed int _t129;
				signed int _t130;
				signed short _t134;
				signed int _t136;
				intOrPtr* _t139;
				void* _t146;

				_t51 = _a4;
				if(_t51 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L6:
					_t52 = 0xc000000d;
				} else {
					_t103 =  *_t51;
					_t97 = 0;
					_v12 = 0;
					_v20 = 0;
					_v5 = _t103;
					_t146 = _t103 - 0x5b;
					if(_t146 == 0) {
						_t51 = _t51 + 1;
						__eflags = _t103 - 0x5b;
					}
					_v6 = _t146 == 0;
					if(E6F4F6D10(_t51,  &_v16, _a8) >= 0) {
						_t139 = _v16;
						_t54 = 0xa;
						__eflags =  *_t139 - 0x25;
						if( *_t139 != 0x25) {
							L22:
							__eflags =  *_t139 - 0x5d;
							if( *_t139 != 0x5d) {
								L51:
								_t98 = _v12;
								goto L52;
							} else {
								__eflags = _v5 - 0x5b;
								if(_v5 != 0x5b) {
									goto L6;
								} else {
									_t139 = _t139 + 1;
									_v6 = _t97;
									__eflags =  *_t139 - 0x3a;
									if( *_t139 != 0x3a) {
										goto L51;
									} else {
										_t139 = _t139 + 1;
										_v16 = _t54;
										_t129 = 0x10;
										__eflags =  *_t139 - 0x30;
										if( *_t139 == 0x30) {
											_t28 = _t139 + 1; // 0x4
											_t122 = _t28;
											_v16 = 8;
											_t139 = _t122;
											_t83 =  *_t139;
											__eflags = _t83 - 0x78;
											if(_t83 == 0x78) {
												L28:
												_v16 = _t129;
												_t31 = _t122 + 1; // 0x4
												_t139 = _t31;
											} else {
												__eflags = _t83 - 0x58;
												if(_t83 == 0x58) {
													goto L28;
												}
											}
										}
										_t58 =  *_t139;
										_v5 = _t58;
										__eflags = _t58;
										if(_t58 == 0) {
											goto L51;
										} else {
											_t99 = _v12;
											do {
												_t134 = _t58;
												_t59 = E6F53CB30(_t58, _t134);
												_pop(_t107);
												__eflags = _t59;
												if(_t59 == 0) {
													L36:
													_t60 = 0x10;
													__eflags = _v16 - _t60;
													if(_v16 != _t60) {
														goto L6;
													} else {
														_t61 = E6F53CB30(_t60, _t134);
														_pop(_t108);
														__eflags = _t61;
														if(_t61 == 0) {
															goto L6;
														} else {
															_t62 = E6F53CDD0(_t108, _t134);
															__eflags = _t62;
															if(_t62 == 0) {
																goto L6;
															} else {
																_t63 = E6F53CB30(_t62, _t134);
																_pop(_t110);
																__eflags = _t63;
																if(_t63 == 0) {
																	L42:
																	_push(0x41);
																} else {
																	_t74 = E6F53CCE0(_t110, _t134);
																	__eflags = _t74;
																	if(_t74 == 0) {
																		goto L42;
																	} else {
																		_push(0x61);
																	}
																}
																_pop(_t111);
																_t68 = ((_t99 & 0x0000ffff) << 4) - _t111 + 0xa + _t134;
																__eflags = ((_t99 & 0x0000ffff) << 4) - _t111 + 0xa + _t134 - 0xffff;
																if(((_t99 & 0x0000ffff) << 4) - _t111 + 0xa + _t134 > 0xffff) {
																	goto L6;
																} else {
																	_v12 = _v12 << 4;
																	_t69 = E6F53CB30(_t68, _t134);
																	_pop(_t112);
																	__eflags = _t69;
																	if(_t69 == 0) {
																		L47:
																		_push(0x41);
																	} else {
																		_t73 = E6F53CCE0(_t112, _t134);
																		__eflags = _t73;
																		if(_t73 == 0) {
																			goto L47;
																		} else {
																			_push(0x61);
																		}
																	}
																	_pop(_t113);
																	asm("cbw");
																	_t114 = 0xa;
																	_t99 = _v12 + _v5 - _t113 + _t114;
																	__eflags = _t99;
																	_v12 = _t99;
																	goto L49;
																}
															}
														}
													}
												} else {
													_t75 = E6F53CC80(_t107, _t134);
													__eflags = _t75;
													if(_t75 == 0) {
														goto L36;
													} else {
														_t118 = _v16;
														_t130 = _t118 & 0x0000ffff;
														__eflags = _t134 - 0x30 - _t130;
														if(_t134 - 0x30 >= _t130) {
															goto L36;
														} else {
															__eflags = (_t99 & 0x0000ffff) * _t130 + 0xffffffd0 + _t134 - 0xffff;
															if((_t99 & 0x0000ffff) * _t130 + 0xffffffd0 + _t134 > 0xffff) {
																goto L6;
															} else {
																asm("cbw");
																_t82 = _t118 * _v12 - 0x00000030 + _v5 & 0x0000ffff;
																_v12 = _t82;
																_t99 = _t82;
																goto L49;
															}
														}
													}
												}
												goto L7;
												L49:
												_t139 = _t139 + 1;
												_t58 =  *_t139;
												_v5 = _t58;
												__eflags = _t58;
											} while (_t58 != 0);
											L52:
											__eflags =  *_t139;
											if( *_t139 != 0) {
												goto L6;
											} else {
												__eflags = _v6;
												if(_v6 != 0) {
													goto L6;
												} else {
													 *_a16 = _t98;
													 *_a12 = _v20;
													_t52 = 0;
												}
											}
										}
									}
								}
							}
						} else {
							_t139 = _t139 + 1;
							_t101 =  *_t139;
							_t135 = _t101;
							_t84 = E6F53CB30(_t54, _t101);
							_pop(_t123);
							__eflags = _t84;
							if(_t84 == 0) {
								goto L6;
							} else {
								_t85 = E6F53CC80(_t123, _t135);
								__eflags = _t85;
								if(_t85 == 0) {
									goto L6;
								} else {
									__eflags = _t101;
									if(_t101 == 0) {
										L21:
										_t97 = _v12;
										_t54 = 0xa;
										goto L22;
									} else {
										_t136 = _v12;
										while(1) {
											__eflags = _t101 - 0x5d;
											if(_t101 == 0x5d) {
												goto L21;
											}
											_t102 = _t101;
											_t86 = E6F53CB30(_t85, _t102);
											_pop(_t125);
											__eflags = _t86;
											if(_t86 == 0) {
												goto L6;
											} else {
												_t87 = E6F53CC80(_t125, _t102);
												__eflags = _t87;
												if(_t87 == 0) {
													goto L6;
												} else {
													_t88 = _v20;
													_t127 = 0xa;
													_v16 = _t88 * _t127;
													asm("cdq");
													_v16 = _v16 + _t102;
													asm("adc ecx, edx");
													_t92 = _v16 + 0xffffffd0;
													asm("adc ecx, 0xffffffff");
													__eflags = _t88 * _t127 >> 0x20 - _t136;
													if(__eflags > 0) {
														goto L6;
													} else {
														if(__eflags < 0) {
															L20:
															_t85 = 0xffffffd0 + _v20 * 0xa + _t102;
															_t139 = _t139 + 1;
															_v20 = 0xffffffd0 + _v20 * 0xa + _t102;
															_t101 =  *_t139;
															__eflags = _t101;
															if(_t101 != 0) {
																continue;
															} else {
																goto L21;
															}
														} else {
															__eflags = _t92 - 0xffffffff;
															if(_t92 > 0xffffffff) {
																goto L6;
															} else {
																goto L20;
															}
														}
													}
												}
											}
											goto L7;
										}
										goto L21;
									}
								}
							}
						}
					} else {
						goto L6;
					}
				}
				L7:
				return _t52;
			}




















































                                                                                  0x6f4f6ca5
                                                                                  0x6f4f6cb0
                                                                                  0x6f4f6cef
                                                                                  0x6f4f6cef
                                                                                  0x6f4f6cc4
                                                                                  0x6f4f6cc4
                                                                                  0x6f4f6cc6
                                                                                  0x6f4f6cc8
                                                                                  0x6f4f6ccb
                                                                                  0x6f4f6cce
                                                                                  0x6f4f6cd1
                                                                                  0x6f4f6cd4
                                                                                  0x6f4f6cfd
                                                                                  0x6f4f6cfe
                                                                                  0x6f4f6cfe
                                                                                  0x6f4f6cdc
                                                                                  0x6f4f6ce9
                                                                                  0x6f551c19
                                                                                  0x6f551c1e
                                                                                  0x6f551c1f
                                                                                  0x6f551c22
                                                                                  0x6f551cc3
                                                                                  0x6f551cc3
                                                                                  0x6f551cc6
                                                                                  0x6f551e20
                                                                                  0x6f551e20
                                                                                  0x00000000
                                                                                  0x6f551ccc
                                                                                  0x6f551ccc
                                                                                  0x6f551cd0
                                                                                  0x00000000
                                                                                  0x6f551cd6
                                                                                  0x6f551cd6
                                                                                  0x6f551cd7
                                                                                  0x6f551cda
                                                                                  0x6f551cdd
                                                                                  0x00000000
                                                                                  0x6f551ce3
                                                                                  0x6f551ce3
                                                                                  0x6f551ce4
                                                                                  0x6f551ce9
                                                                                  0x6f551cea
                                                                                  0x6f551ced
                                                                                  0x6f551cef
                                                                                  0x6f551cef
                                                                                  0x6f551cf2
                                                                                  0x6f551cf9
                                                                                  0x6f551cfb
                                                                                  0x6f551cfd
                                                                                  0x6f551cff
                                                                                  0x6f551d05
                                                                                  0x6f551d05
                                                                                  0x6f551d08
                                                                                  0x6f551d08
                                                                                  0x6f551d01
                                                                                  0x6f551d01
                                                                                  0x6f551d03
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551d03
                                                                                  0x6f551cff
                                                                                  0x6f551d0b
                                                                                  0x6f551d0d
                                                                                  0x6f551d10
                                                                                  0x6f551d12
                                                                                  0x00000000
                                                                                  0x6f551d18
                                                                                  0x6f551d18
                                                                                  0x6f551d1c
                                                                                  0x6f551d1c
                                                                                  0x6f551d20
                                                                                  0x6f551d25
                                                                                  0x6f551d26
                                                                                  0x6f551d28
                                                                                  0x6f551d76
                                                                                  0x6f551d78
                                                                                  0x6f551d79
                                                                                  0x6f551d7d
                                                                                  0x00000000
                                                                                  0x6f551d83
                                                                                  0x6f551d84
                                                                                  0x6f551d89
                                                                                  0x6f551d8a
                                                                                  0x6f551d8c
                                                                                  0x00000000
                                                                                  0x6f551d92
                                                                                  0x6f551d93
                                                                                  0x6f551d99
                                                                                  0x6f551d9b
                                                                                  0x00000000
                                                                                  0x6f551da1
                                                                                  0x6f551da2
                                                                                  0x6f551da7
                                                                                  0x6f551da8
                                                                                  0x6f551daa
                                                                                  0x6f551dbb
                                                                                  0x6f551dbb
                                                                                  0x6f551dac
                                                                                  0x6f551dad
                                                                                  0x6f551db3
                                                                                  0x6f551db5
                                                                                  0x00000000
                                                                                  0x6f551db7
                                                                                  0x6f551db7
                                                                                  0x6f551db7
                                                                                  0x6f551db5
                                                                                  0x6f551dc3
                                                                                  0x6f551dc9
                                                                                  0x6f551dcb
                                                                                  0x6f551dd0
                                                                                  0x00000000
                                                                                  0x6f551dd6
                                                                                  0x6f551dd6
                                                                                  0x6f551ddb
                                                                                  0x6f551de0
                                                                                  0x6f551de1
                                                                                  0x6f551de3
                                                                                  0x6f551df4
                                                                                  0x6f551df4
                                                                                  0x6f551de5
                                                                                  0x6f551de6
                                                                                  0x6f551dec
                                                                                  0x6f551dee
                                                                                  0x00000000
                                                                                  0x6f551df0
                                                                                  0x6f551df0
                                                                                  0x6f551df0
                                                                                  0x6f551dee
                                                                                  0x6f551dfd
                                                                                  0x6f551dfe
                                                                                  0x6f551e05
                                                                                  0x6f551e09
                                                                                  0x6f551e09
                                                                                  0x6f551e0c
                                                                                  0x00000000
                                                                                  0x6f551e0c
                                                                                  0x6f551dd0
                                                                                  0x6f551d9b
                                                                                  0x6f551d8c
                                                                                  0x6f551d2a
                                                                                  0x6f551d2b
                                                                                  0x6f551d31
                                                                                  0x6f551d33
                                                                                  0x00000000
                                                                                  0x6f551d35
                                                                                  0x6f551d35
                                                                                  0x6f551d3b
                                                                                  0x6f551d3e
                                                                                  0x6f551d40
                                                                                  0x00000000
                                                                                  0x6f551d42
                                                                                  0x6f551d4d
                                                                                  0x6f551d52
                                                                                  0x00000000
                                                                                  0x6f551d58
                                                                                  0x6f551d5f
                                                                                  0x6f551d68
                                                                                  0x6f551d6b
                                                                                  0x6f551d6e
                                                                                  0x00000000
                                                                                  0x6f551d6e
                                                                                  0x6f551d52
                                                                                  0x6f551d40
                                                                                  0x6f551d33
                                                                                  0x00000000
                                                                                  0x6f551e10
                                                                                  0x6f551e10
                                                                                  0x6f551e11
                                                                                  0x6f551e13
                                                                                  0x6f551e16
                                                                                  0x6f551e16
                                                                                  0x6f551e24
                                                                                  0x6f551e24
                                                                                  0x6f551e27
                                                                                  0x00000000
                                                                                  0x6f551e2d
                                                                                  0x6f551e2d
                                                                                  0x6f551e31
                                                                                  0x00000000
                                                                                  0x6f551e37
                                                                                  0x6f551e3e
                                                                                  0x6f551e47
                                                                                  0x6f551e49
                                                                                  0x6f551e49
                                                                                  0x6f551e31
                                                                                  0x6f551e27
                                                                                  0x6f551d12
                                                                                  0x6f551cdd
                                                                                  0x6f551cd0
                                                                                  0x6f551c28
                                                                                  0x6f551c28
                                                                                  0x6f551c29
                                                                                  0x6f551c2b
                                                                                  0x6f551c2f
                                                                                  0x6f551c34
                                                                                  0x6f551c35
                                                                                  0x6f551c37
                                                                                  0x00000000
                                                                                  0x6f551c3d
                                                                                  0x6f551c3e
                                                                                  0x6f551c44
                                                                                  0x6f551c46
                                                                                  0x00000000
                                                                                  0x6f551c4c
                                                                                  0x6f551c4c
                                                                                  0x6f551c4e
                                                                                  0x6f551cbd
                                                                                  0x6f551cbd
                                                                                  0x6f551cc2
                                                                                  0x00000000
                                                                                  0x6f551c50
                                                                                  0x6f551c50
                                                                                  0x6f551c53
                                                                                  0x6f551c53
                                                                                  0x6f551c56
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551c58
                                                                                  0x6f551c5c
                                                                                  0x6f551c61
                                                                                  0x6f551c62
                                                                                  0x6f551c64
                                                                                  0x00000000
                                                                                  0x6f551c6a
                                                                                  0x6f551c6b
                                                                                  0x6f551c71
                                                                                  0x6f551c73
                                                                                  0x00000000
                                                                                  0x6f551c79
                                                                                  0x6f551c79
                                                                                  0x6f551c7e
                                                                                  0x6f551c81
                                                                                  0x6f551c88
                                                                                  0x6f551c89
                                                                                  0x6f551c8f
                                                                                  0x6f551c91
                                                                                  0x6f551c94
                                                                                  0x6f551c97
                                                                                  0x6f551c99
                                                                                  0x00000000
                                                                                  0x6f551c9f
                                                                                  0x6f551c9f
                                                                                  0x6f551caa
                                                                                  0x6f551cb1
                                                                                  0x6f551cb3
                                                                                  0x6f551cb4
                                                                                  0x6f551cb7
                                                                                  0x6f551cb9
                                                                                  0x6f551cbb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551ca1
                                                                                  0x6f551ca1
                                                                                  0x6f551ca4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551ca4
                                                                                  0x6f551c9f
                                                                                  0x6f551c99
                                                                                  0x6f551c73
                                                                                  0x00000000
                                                                                  0x6f551c64
                                                                                  0x00000000
                                                                                  0x6f551c53
                                                                                  0x6f551c4e
                                                                                  0x6f551c46
                                                                                  0x6f551c37
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f6ce9
                                                                                  0x6f4f6cf4
                                                                                  0x6f4f6cfa

                                                                                  APIs
                                                                                  • RtlIpv6StringToAddressA.BCCB(?,00000000,?,00000000), ref: 6F4F6CE2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AddressIpv6String
                                                                                  • String ID: [
                                                                                  • API String ID: 27538981-784033777
                                                                                  • Opcode ID: 6fc8d88a6431a7faa658da00268c126386f55933642b9b9e14cb1f00605dfa96
                                                                                  • Instruction ID: 1befd702e8368d9236ebb234d15e6db8b46128c4cadc72d3ee2de17131589107
                                                                                  • Opcode Fuzzy Hash: 6fc8d88a6431a7faa658da00268c126386f55933642b9b9e14cb1f00605dfa96
                                                                                  • Instruction Fuzzy Hash: 90710436D042A66AEB018E78D860BEE7BB4AF87324F14456BD4E4DB6C1E734D992C710
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F8EE6, Relevance: 24.6, APIs: 3, Strings: 11, Instructions: 148COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  • SXS: %s() found assembly information section with user data extending beyond section data Section header: %p UserDataSize: %lu UserDataOffset: %lu Section size: %Iu, xrefs: 6F55351C
                                                                                  • SXS: %s() found assembly information section with user data overlapping section header Section header: %p Header Size: %lu User Data Offset: %lu, xrefs: 6F55359D
                                                                                  • SXS: %s() passed string section at %p only %Iu bytes long; that's not even enough for the 4-byte magic and 4-byte header length!, xrefs: 6F5534F1
                                                                                  • SXS: %s() found assembly information section with element list overlapping section header Section header: %p Header Size: %lu ElementListOffset: %lu, xrefs: 6F553577
                                                                                  • SXS: %s() found assembly information section with user data too small Section header: %p UserDataSize: %lu; needed: %lu, xrefs: 6F55355D
                                                                                  • SsHd, xrefs: 6F4F8F1B
                                                                                  • SXS: %s() passed string section at %p with too small of a header HeaderSize: %lu Required: %lu, xrefs: 6F55354D
                                                                                  • SXS: %s() passed string section at %p claims %lu byte header size; that doesn't even include the HeaderSize member!, xrefs: 6F5534FF
                                                                                  • RtlpCrackActivationContextStringSectionHeader, xrefs: 6F5534EC, 6F5534FA, 6F553517, 6F553538, 6F553548, 6F553558, 6F553572, 6F553589, 6F553598
                                                                                  • SXS: %s() found assembly information section with wrong magic value Expected %lu; got %lu, xrefs: 6F55353D
                                                                                  • SXS: %s() found assembly information section with search structure overlapping section header Section header: %p Header Size: %lu SearchStructureOffset: %lu, xrefs: 6F55358E
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlpCrackActivationContextStringSectionHeader$SXS: %s() found assembly information section with element list overlapping section header Section header: %p Header Size: %lu ElementListOffset: %lu$SXS: %s() found assembly information section with search structure overlapping section header Section header: %p Header Size: %lu SearchStructureOffset: %lu$SXS: %s() found assembly information section with user data extending beyond section data Section header: %p UserDataSize: %lu UserDataOffset: %lu Section size: %Iu$SXS: %s() found assembly information section with user data overlapping section header Section header: %p Header Size: %lu User Data Offset: %lu$SXS: %s() found assembly information section with user data too small Section header: %p UserDataSize: %lu; needed: %lu$SXS: %s() found assembly information section with wrong magic value Expected %lu; got %lu$SXS: %s() passed string section at %p claims %lu byte header size; that doesn't even include the HeaderSize member!$SXS: %s() passed string section at %p only %Iu bytes long; that's not even enough for the 4-byte magic and 4-byte header length!$SXS: %s() passed string section at %p with too small of a header HeaderSize: %lu Required: %lu$SsHd
                                                                                  • API String ID: 0-1525761513
                                                                                  • Opcode ID: d757f21ac836f618142d22450641488ad2ee84b2b2af7d9a155e903ef584cfc0
                                                                                  • Instruction ID: 6589d9ffc1e89d2687ef7a7877bad1d521934ecc475e17ec8f8eaf7a11ee0840
                                                                                  • Opcode Fuzzy Hash: d757f21ac836f618142d22450641488ad2ee84b2b2af7d9a155e903ef584cfc0
                                                                                  • Instruction Fuzzy Hash: A641E1B0204201BFA701CF1DCC82D67776FEBC5759760927AB41CAEA00E631ED228772
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5131F0, Relevance: 23.0, APIs: 7, Strings: 6, Instructions: 248COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 65%
                                                                                  			E6F5131F0(void* __ecx, void __edx, void* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				signed int _v12;
				void _v28;
				signed int _v32;
				void _v36;
				int _v40;
				void _v44;
				intOrPtr _v48;
				void _v52;
				intOrPtr* _v56;
				intOrPtr* _v60;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t80;
				void* _t85;
				intOrPtr _t86;
				void* _t90;
				signed int _t91;
				signed int _t95;
				signed int _t96;
				int _t97;
				void* _t99;
				intOrPtr _t100;
				signed int _t106;
				int _t110;
				void _t120;
				void* _t125;
				signed char _t126;
				void* _t127;
				intOrPtr _t128;
				void* _t135;
				void* _t136;
				intOrPtr _t137;
				signed int _t139;
				void* _t140;
				signed int _t152;

				_t132 = __edx;
				_v12 =  *0x6f5ed360 ^ _t139;
				_t135 = __ecx;
				_t136 = 0;
				_v56 = _a8;
				_t110 =  *(__ecx + 0xc);
				_v52 = __edx;
				_v60 = _a12;
				_v40 = _t110;
				if(_t110 < 0x20 ||  *((intOrPtr*)(__ecx + 4)) < 0x20) {
					_push( *((intOrPtr*)(_t135 + 4)));
					_push(_t110);
					_push(_t135);
					_push("SXS/RTL: Activation context data at %p too small; TotalSize = %lu; HeaderSize = %lu\n");
					goto L50;
				} else {
					if(__edx != 0) {
						_t82 =  *((intOrPtr*)(__ecx + 0x14));
						if( *((intOrPtr*)(__ecx + 0x14)) == 0) {
							goto L25;
						} else {
							_t132 = 1;
							_t85 = E6F58444F(_t82, 1, 0x10, _t110);
							_t86 =  *((intOrPtr*)(_t135 + 0x14));
							_push(_t110);
							if(_t85 != 0) {
								_t120 =  *(_t86 + _t135 + 4);
								_t132 = _t120;
								_v44 = _t120;
								_push(0x18);
								_v32 =  *((intOrPtr*)(_t86 + _t135 + 8));
								if(E6F58444F( *((intOrPtr*)(_t86 + _t135 + 8)), _t120) != 0) {
									_t123 = _v32 + _t135;
									_v32 = 0;
									_v48 = _t123;
									if(_v44 <= 0) {
										goto L25;
									} else {
										_t110 = _v52;
										_v36 = _t123;
										while(1) {
											_t90 = E6F53F380(_t110, _t123, 0x10);
											_t140 = _t140 + 0xc;
											_t91 = _v32;
											if(_t90 == 0) {
												break;
											}
											_t106 = _t91 + 1;
											_t123 = _v36 + 0x18;
											_v32 = _t106;
											_v36 = _v36 + 0x18;
											if(_t106 < _v44) {
												continue;
											} else {
												goto L25;
											}
											goto L52;
										}
										_t132 = 1;
										_t110 =  *(_v48 + 0x10 + (_t91 + _t91 * 2) * 8);
										if(E6F58444F(_t110, 1, 0x10,  *(_t135 + 0xc)) != 0) {
											goto L4;
										} else {
											_push(_v40);
											_push(0x10);
											_push(_t110);
											E6F585720(0x33, 0, "SXS/RTL: Extended TOC section TOC %d (offset: %ld, size: %u) is outside activation context data bounds (%lu bytes)\n", _v32);
											goto L51;
										}
									}
								} else {
									_push(_t110);
									_push(0x18);
									_push(_v44);
									E6F585720(0x33, 0, "SXS/RTL: Extended TOC entry array (starting at offset %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)\n", _v32);
									goto L51;
								}
							} else {
								E6F585720(0x33, 0, "SXS/RTL: Extended TOC offset (%ld) is outside bounds of activation context data (%lu bytes)\n", _t86);
								goto L51;
							}
						}
					} else {
						_t110 =  *(__ecx + 0x10);
						if(_t110 == 0) {
							L25:
							return E6F53B640(0xc0150001, _t110, _v12 ^ _t139, _t132, _t135, _t136);
						} else {
							L4:
							_t125 = _t135 + _t110;
							if(_t125 == 0) {
								goto L25;
							} else {
								_t110 =  *(_t125 + 4);
								if(_t110 == 0) {
									goto L25;
								} else {
									_v36 =  *(_t125 + 8);
									_t95 = _t110;
									_t96 = _t95 * 0x10;
									_t152 = _t95 * 0x10 >> 0x20;
									if(_t152 < 0 || _t152 <= 0 && _t96 <= 0xffffffff) {
										_t132 =  *(_t125 + 8);
										_t137 = _t96 + _t132;
										_v48 = _t137;
										_t136 = 0;
										if(_t137 < _t96) {
											goto L47;
										} else {
											_t97 =  *(_t135 + 0xc);
											if(_t132 >= _t97 || _v48 > _t97) {
												goto L48;
											} else {
												_t126 =  *(_t125 + 0xc);
												_t99 = _t132 + _t135;
												if((_t126 & 0x00000002) == 0) {
													_t127 = 0;
													if(_t110 != 0) {
														_t132 = _a4;
														while( *_t99 != _t132) {
															_t127 = _t127 + 1;
															_t99 = _t99 + 0x10;
															if(_t127 < _t110) {
																continue;
															} else {
															}
															goto L17;
														}
														goto L16;
													}
													goto L17;
												} else {
													_t132 =  *_t99;
													_t136 = _a4;
													if(_t136 < _t132) {
														goto L25;
													} else {
														if((_t126 & 0x00000001) != 0) {
															_t136 = _t136 - _t132;
															if(_t136 >= _t110) {
																goto L25;
															} else {
																_t136 = _t99 + (_t136 << 4);
																goto L17;
															}
														} else {
															_v28 = _t136;
															_t99 = bsearch( &_v28, _t99, _t110, 0x10, 0x6f528c30);
															_t140 = _t140 + 0x14;
															L16:
															_t136 = _t99;
															L17:
															if(_t136 == 0) {
																goto L25;
															} else {
																_t100 =  *((intOrPtr*)(_t136 + 4));
																if(_t100 == 0) {
																	goto L25;
																} else {
																	_t128 =  *((intOrPtr*)(_t136 + 8));
																	_t110 =  *(_t135 + 0xc);
																	if(_t128 > 0xffffffff) {
																		L26:
																		_push(_t110);
																		_push(_t128);
																		_push(_t100);
																		_push("SXS/RTL: Section found (offset %ld; length %lu) extends past end of activation context data (%lu bytes)\n");
																		L50:
																		_push(0);
																		_push(0x33);
																		E6F585720();
																		goto L51;
																	} else {
																		_t132 = _t128 + _t100;
																		if(_t132 < _t128 || _t100 >= _t110 || _t132 > _t110) {
																			goto L26;
																		} else {
																			 *_v56 = _t100 + _t135;
																			 *_v60 =  *((intOrPtr*)(_t136 + 8));
																			_t80 = 0;
																		}
																	}
																	goto L24;
																}
															}
														}
													}
												}
											}
										}
									} else {
										_t132 = _v36;
										L47:
										_t97 = _v40;
										L48:
										_push(_t97);
										_push(0x10);
										_push(_t110);
										E6F585720(0x33, 0, "SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)\n", _t132);
										L51:
										_t80 = 0xc0150003;
										L24:
										return E6F53B640(_t80, _t110, _v12 ^ _t139, _t132, _t135, _t136);
									}
								}
							}
						}
					}
				}
				L52:
			}







































                                                                                  0x6f5131f0
                                                                                  0x6f5131ff
                                                                                  0x6f513205
                                                                                  0x6f51320c
                                                                                  0x6f51320e
                                                                                  0x6f513214
                                                                                  0x6f513217
                                                                                  0x6f51321a
                                                                                  0x6f51321d
                                                                                  0x6f513223
                                                                                  0x6f55d974
                                                                                  0x6f55d977
                                                                                  0x6f55d978
                                                                                  0x6f55d979
                                                                                  0x00000000
                                                                                  0x6f513233
                                                                                  0x6f513235
                                                                                  0x6f55d824
                                                                                  0x6f55d829
                                                                                  0x00000000
                                                                                  0x6f55d82f
                                                                                  0x6f55d832
                                                                                  0x6f55d839
                                                                                  0x6f55d840
                                                                                  0x6f55d843
                                                                                  0x6f55d844
                                                                                  0x6f55d85d
                                                                                  0x6f55d861
                                                                                  0x6f55d867
                                                                                  0x6f55d86c
                                                                                  0x6f55d86e
                                                                                  0x6f55d878
                                                                                  0x6f55d89f
                                                                                  0x6f55d8a1
                                                                                  0x6f55d8a4
                                                                                  0x6f55d8aa
                                                                                  0x00000000
                                                                                  0x6f55d8b0
                                                                                  0x6f55d8b0
                                                                                  0x6f55d8b3
                                                                                  0x6f55d8b6
                                                                                  0x6f55d8ba
                                                                                  0x6f55d8bf
                                                                                  0x6f55d8c4
                                                                                  0x6f55d8c7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f55d8cc
                                                                                  0x6f55d8cd
                                                                                  0x6f55d8d0
                                                                                  0x6f55d8d3
                                                                                  0x6f55d8d9
                                                                                  0x00000000
                                                                                  0x6f55d8db
                                                                                  0x00000000
                                                                                  0x6f55d8db
                                                                                  0x00000000
                                                                                  0x6f55d8d9
                                                                                  0x6f55d8e9
                                                                                  0x6f55d8f0
                                                                                  0x6f55d8fd
                                                                                  0x00000000
                                                                                  0x6f55d903
                                                                                  0x6f55d903
                                                                                  0x6f55d909
                                                                                  0x6f55d90b
                                                                                  0x6f55d916
                                                                                  0x00000000
                                                                                  0x6f55d91b
                                                                                  0x6f55d8fd
                                                                                  0x6f55d87a
                                                                                  0x6f55d87d
                                                                                  0x6f55d87e
                                                                                  0x6f55d880
                                                                                  0x6f55d88d
                                                                                  0x00000000
                                                                                  0x6f55d892
                                                                                  0x6f55d846
                                                                                  0x6f55d850
                                                                                  0x00000000
                                                                                  0x6f55d855
                                                                                  0x6f55d844
                                                                                  0x6f51323b
                                                                                  0x6f51323b
                                                                                  0x6f513240
                                                                                  0x6f51332c
                                                                                  0x6f513341
                                                                                  0x6f513246
                                                                                  0x6f513246
                                                                                  0x6f513246
                                                                                  0x6f51324b
                                                                                  0x00000000
                                                                                  0x6f513251
                                                                                  0x6f513251
                                                                                  0x6f513256
                                                                                  0x00000000
                                                                                  0x6f51325c
                                                                                  0x6f513264
                                                                                  0x6f513267
                                                                                  0x6f513269
                                                                                  0x6f51326b
                                                                                  0x6f51326d
                                                                                  0x6f51327e
                                                                                  0x6f513281
                                                                                  0x6f513284
                                                                                  0x6f513289
                                                                                  0x6f51328e
                                                                                  0x00000000
                                                                                  0x6f513294
                                                                                  0x6f513294
                                                                                  0x6f513299
                                                                                  0x00000000
                                                                                  0x6f5132a8
                                                                                  0x6f5132a8
                                                                                  0x6f5132ab
                                                                                  0x6f5132b1
                                                                                  0x6f55d934
                                                                                  0x6f55d938
                                                                                  0x6f55d93e
                                                                                  0x6f55d941
                                                                                  0x6f55d949
                                                                                  0x6f55d94a
                                                                                  0x6f55d94f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f55d951
                                                                                  0x00000000
                                                                                  0x6f55d94f
                                                                                  0x00000000
                                                                                  0x6f55d941
                                                                                  0x00000000
                                                                                  0x6f5132b7
                                                                                  0x6f5132b7
                                                                                  0x6f5132b9
                                                                                  0x6f5132be
                                                                                  0x00000000
                                                                                  0x6f5132c0
                                                                                  0x6f5132c3
                                                                                  0x6f55d920
                                                                                  0x6f55d924
                                                                                  0x00000000
                                                                                  0x6f55d92a
                                                                                  0x6f55d92d
                                                                                  0x00000000
                                                                                  0x6f55d92d
                                                                                  0x6f5132c9
                                                                                  0x6f5132d5
                                                                                  0x6f5132d9
                                                                                  0x6f5132de
                                                                                  0x6f5132e1
                                                                                  0x6f5132e1
                                                                                  0x6f5132e3
                                                                                  0x6f5132e5
                                                                                  0x00000000
                                                                                  0x6f5132e7
                                                                                  0x6f5132e7
                                                                                  0x6f5132ec
                                                                                  0x00000000
                                                                                  0x6f5132ee
                                                                                  0x6f5132ee
                                                                                  0x6f5132f1
                                                                                  0x6f5132f7
                                                                                  0x6f513344
                                                                                  0x6f513344
                                                                                  0x6f513345
                                                                                  0x6f513346
                                                                                  0x6f513347
                                                                                  0x6f55d97e
                                                                                  0x6f55d97e
                                                                                  0x6f55d980
                                                                                  0x6f55d982
                                                                                  0x00000000
                                                                                  0x6f5132f9
                                                                                  0x6f5132f9
                                                                                  0x6f5132fe
                                                                                  0x00000000
                                                                                  0x6f513308
                                                                                  0x6f51330d
                                                                                  0x6f513315
                                                                                  0x6f513317
                                                                                  0x6f513317
                                                                                  0x6f5132fe
                                                                                  0x00000000
                                                                                  0x6f5132f7
                                                                                  0x6f5132ec
                                                                                  0x6f5132e5
                                                                                  0x6f5132c3
                                                                                  0x6f5132be
                                                                                  0x6f5132b1
                                                                                  0x6f513299
                                                                                  0x6f55d956
                                                                                  0x6f55d956
                                                                                  0x6f55d959
                                                                                  0x6f55d959
                                                                                  0x6f55d95c
                                                                                  0x6f55d95c
                                                                                  0x6f55d95d
                                                                                  0x6f55d95f
                                                                                  0x6f55d96a
                                                                                  0x6f55d98a
                                                                                  0x6f55d98a
                                                                                  0x6f51331c
                                                                                  0x6f513329
                                                                                  0x6f513329
                                                                                  0x6f51326d
                                                                                  0x6f513256
                                                                                  0x6f51324b
                                                                                  0x6f513240
                                                                                  0x6f513235
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • bsearch.BCCB(00000001,?,00000020,00000010,6F528C30,00000010,?,C00000E5,00000000,00000030,?,6F4F8D70,00000000,?,?,00000030), ref: 6F5132D9
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS/RTL: Extended TOC offset (%ld) is outside bounds of activation context data (%lu bytes),?,?,00000010,?,C00000E5,00000000,00000030,?,6F4F8D70,00000000,?,?,00000030), ref: 6F55D850
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes),?,00000020,00000010,00000030,00000010,?,C00000E5,00000000,00000030,?,6F4F8D70,00000000,?), ref: 6F55D96A
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS/RTL: Activation context data at %p too small; TotalSize = %lu; HeaderSize = %lu,00000001,?,?,C00000E5,00000000,00000030,?,6F4F8D70,00000000,?,?,00000030,?), ref: 6F55D982
                                                                                  Strings
                                                                                  • SXS/RTL: Extended TOC offset (%ld) is outside bounds of activation context data (%lu bytes), xrefs: 6F55D847
                                                                                  • SXS/RTL: Extended TOC section TOC %d (offset: %ld, size: %u) is outside activation context data bounds (%lu bytes), xrefs: 6F55D90D
                                                                                  • SXS/RTL: Section found (offset %ld; length %lu) extends past end of activation context data (%lu bytes), xrefs: 6F513347
                                                                                  • SXS/RTL: Extended TOC entry array (starting at offset %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes), xrefs: 6F55D884
                                                                                  • SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes), xrefs: 6F55D961
                                                                                  • SXS/RTL: Activation context data at %p too small; TotalSize = %lu; HeaderSize = %lu, xrefs: 6F55D979
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$bsearch
                                                                                  • String ID: SXS/RTL: Activation context data at %p too small; TotalSize = %lu; HeaderSize = %lu$SXS/RTL: Extended TOC entry array (starting at offset %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)$SXS/RTL: Extended TOC offset (%ld) is outside bounds of activation context data (%lu bytes)$SXS/RTL: Extended TOC section TOC %d (offset: %ld, size: %u) is outside activation context data bounds (%lu bytes)$SXS/RTL: Section found (offset %ld; length %lu) extends past end of activation context data (%lu bytes)$SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)
                                                                                  • API String ID: 3813682011-732641482
                                                                                  • Opcode ID: dbc4d8fd1f9585175d54799c0078e53da5c425e8d10c4463dda713dae97e1e00
                                                                                  • Instruction ID: b9e291064fe7cc67fc8cb0dcd4c519befd8a9d4308eff0b8e2d53f0f98d9859e
                                                                                  • Opcode Fuzzy Hash: dbc4d8fd1f9585175d54799c0078e53da5c425e8d10c4463dda713dae97e1e00
                                                                                  • Instruction Fuzzy Hash: 1D81D872E04219AFEB10CFA8C891F9EB3B5EF49354F10413AE925AB281D731BC51CB65
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F3ACA, Relevance: 21.3, APIs: 14, Instructions: 348COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 69%
                                                                                  			E6F4F3ACA(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t197;
				intOrPtr _t200;
				intOrPtr _t206;
				intOrPtr _t209;
				intOrPtr _t217;
				signed int _t224;
				signed int _t226;
				signed int _t229;
				signed int _t230;
				signed int _t233;
				intOrPtr _t238;
				signed int _t246;
				signed int _t249;
				char* _t252;
				intOrPtr _t257;
				signed int _t272;
				intOrPtr _t280;
				intOrPtr _t281;
				signed char _t286;
				signed int _t291;
				signed int _t292;
				intOrPtr _t299;
				intOrPtr _t301;
				signed int _t307;
				intOrPtr* _t308;
				signed int _t309;
				intOrPtr _t312;
				signed int* _t313;
				intOrPtr _t315;
				signed int _t316;
				void* _t317;

				_push(0x84);
				_push(0x6f5cf4d0);
				E6F54D0E8(__ebx, __edi, __esi);
				_t312 = __edx;
				 *((intOrPtr*)(_t317 - 0x38)) = __edx;
				 *((intOrPtr*)(_t317 - 0x20)) = __ecx;
				_t307 = 0;
				 *(_t317 - 0x74) = 0;
				 *((intOrPtr*)(_t317 - 0x78)) = 0;
				_t272 = 0;
				 *(_t317 - 0x60) = 0;
				 *((intOrPtr*)(_t317 - 0x68)) =  *((intOrPtr*)(__ecx + 0x2c)) + __ecx;
				_t197 = __edx + 0x28;
				 *((intOrPtr*)(_t317 - 0x7c)) = _t197;
				 *((intOrPtr*)(_t317 - 0x88)) = _t197;
				E6F512280(_t197, _t197);
				_t280 =  *((intOrPtr*)(_t312 + 0x2c));
				 *((intOrPtr*)(_t317 - 0x34)) = _t280;
				L1:
				while(1) {
					if(_t280 == _t312 + 0x2c) {
						E6F50FFB0(_t272, _t307,  *((intOrPtr*)(_t317 - 0x7c)));
						asm("sbb ebx, ebx");
						return E6F54D130( ~_t272 & 0xc000022d, _t307, _t312);
					}
					_t15 = _t280 - 4; // -4
					_t200 = _t15;
					 *((intOrPtr*)(_t317 - 0x70)) = _t200;
					 *((intOrPtr*)(_t317 - 0x8c)) = _t200;
					 *((intOrPtr*)(_t317 - 0x6c)) = _t200;
					_t308 = 0x7ffe0010;
					_t313 = 0x7ffe03b0;
					goto L4;
					do {
						do {
							do {
								do {
									L4:
									 *(_t317 - 0x30) =  *0x6f5e8628;
									 *(_t317 - 0x44) =  *0x6f5e862c;
									 *(_t317 - 0x28) =  *_t313;
									 *(_t317 - 0x58) = _t313[1];
									while(1) {
										_t301 =  *0x7ffe000c;
										_t281 =  *0x7ffe0008;
										__eflags = _t301 -  *_t308;
										if(_t301 ==  *_t308) {
											goto L6;
										}
										asm("pause");
									}
									L6:
									_t313 = 0x7ffe03b0;
									_t309 =  *0x7ffe03b0;
									 *(_t317 - 0x40) = _t309;
									_t206 =  *0x7FFE03B4;
									 *((intOrPtr*)(_t317 - 0x3c)) = _t206;
									__eflags =  *(_t317 - 0x28) - _t309;
									_t308 = 0x7ffe0010;
								} while ( *(_t317 - 0x28) != _t309);
								__eflags =  *(_t317 - 0x58) - _t206;
							} while ( *(_t317 - 0x58) != _t206);
							 *(_t317 - 0x28) =  *0x6f5e862c;
							__eflags =  *(_t317 - 0x30) -  *0x6f5e8628;
							_t308 = 0x7ffe0010;
						} while ( *(_t317 - 0x30) !=  *0x6f5e8628);
						__eflags =  *(_t317 - 0x44) -  *(_t317 - 0x28);
					} while ( *(_t317 - 0x44) !=  *(_t317 - 0x28));
					_t315 =  *((intOrPtr*)(_t317 - 0x6c));
					_t307 = 0;
					_t272 =  *(_t317 - 0x60);
					asm("sbb edx, [ebp-0x3c]");
					asm("sbb edx, eax");
					 *(_t317 - 0x28) = _t281 -  *(_t317 - 0x40) -  *(_t317 - 0x30) + 0x7a120;
					asm("adc edx, edi");
					asm("lock inc dword [esi+0x2c]");
					_t209 =  *((intOrPtr*)(_t317 - 0x20));
					_t286 =  *(_t315 + 0x24) &  *(_t209 + 0x18);
					 *(_t317 - 0x40) = _t286;
					__eflags =  *(_t315 + 0x34);
					if( *(_t315 + 0x34) != 0) {
						L37:
						 *((intOrPtr*)(_t317 - 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t317 - 0x34))));
						E6F52DF4C(_t317 - 0x78, _t315, _t317 - 0x74, _t317 - 0x78);
						_t316 =  *(_t317 - 0x74);
						__eflags = _t316;
						_t280 =  *((intOrPtr*)(_t317 - 0x34));
						if(_t316 != 0) {
							 *0x6f5eb1e0( *((intOrPtr*)(_t317 - 0x78)));
							 *_t316();
							_t280 =  *((intOrPtr*)(_t317 - 0x34));
						}
						_t312 =  *((intOrPtr*)(_t317 - 0x38));
						continue;
					}
					__eflags = _t286;
					if(_t286 == 0) {
						goto L37;
					}
					 *(_t317 - 0x5c) = _t286;
					_t45 = _t317 - 0x5c;
					 *_t45 =  *(_t317 - 0x5c) & 0x00000001;
					__eflags =  *_t45;
					if( *_t45 == 0) {
						L40:
						__eflags = _t286 & 0xfffffffe;
						if((_t286 & 0xfffffffe) != 0) {
							__eflags =  *((intOrPtr*)(_t315 + 0x64)) - _t307;
							if( *((intOrPtr*)(_t315 + 0x64)) == _t307) {
								L14:
								__eflags =  *(_t315 + 0x40) - _t307;
								if( *(_t315 + 0x40) != _t307) {
									__eflags = _t301 -  *(_t315 + 0x4c);
									if(__eflags > 0) {
										goto L15;
									}
									if(__eflags < 0) {
										L59:
										_t299 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *(_t315 + 0x5c) -  *((intOrPtr*)(_t299 + 0x10));
										if( *(_t315 + 0x5c) >=  *((intOrPtr*)(_t299 + 0x10))) {
											goto L37;
										}
										goto L15;
									}
									__eflags =  *(_t317 - 0x28) -  *(_t315 + 0x48);
									if( *(_t317 - 0x28) >=  *(_t315 + 0x48)) {
										goto L15;
									}
									goto L59;
								}
								L15:
								__eflags =  *((intOrPtr*)(_t317 + 8)) - _t307;
								if( *((intOrPtr*)(_t317 + 8)) != _t307) {
									__eflags =  *((intOrPtr*)(_t315 + 0x58)) - _t307;
									if( *((intOrPtr*)(_t315 + 0x58)) != _t307) {
										goto L16;
									}
									goto L37;
								}
								L16:
								 *(_t317 - 0x24) = _t307;
								 *(_t317 - 0x30) = _t307;
								 *((intOrPtr*)(_t317 - 0x2c)) =  *((intOrPtr*)(_t315 + 0x10));
								_t217 =  *((intOrPtr*)(_t315 + 0xc));
								 *((intOrPtr*)(_t317 - 0x4c)) =  *((intOrPtr*)(_t217 + 0x10));
								 *((intOrPtr*)(_t317 - 0x48)) =  *((intOrPtr*)(_t217 + 0x14));
								 *(_t317 - 0x58) =  *(_t217 + 0x24);
								 *((intOrPtr*)(_t317 - 0x3c)) =  *((intOrPtr*)(_t315 + 0x14));
								 *((intOrPtr*)(_t317 - 0x64)) =  *((intOrPtr*)(_t315 + 0x18));
								 *(_t315 + 0x60) =  *( *[fs:0x18] + 0x24);
								_t224 =  *((intOrPtr*)(_t317 - 0x38)) + 0x28;
								 *(_t317 - 0x94) = _t224;
								_t291 = _t224;
								 *(_t317 - 0x28) = _t291;
								 *(_t317 - 0x90) = _t291;
								E6F50FFB0(_t272, _t307, _t224);
								_t292 = _t307;
								 *(_t317 - 0x54) = _t292;
								_t226 = _t307;
								 *(_t317 - 0x50) = _t226;
								 *(_t317 - 0x44) = _t226;
								__eflags =  *(_t315 + 0x28);
								if(__eflags != 0) {
									asm("lock bts dword [eax], 0x0");
									_t229 = 0;
									_t230 = _t229 & 0xffffff00 | __eflags >= 0x00000000;
									 *(_t317 - 0x50) = _t230;
									 *(_t317 - 0x44) = _t230;
									__eflags = _t230;
									if(_t230 != 0) {
										goto L17;
									}
									__eflags =  *((intOrPtr*)(_t317 + 8)) - 1;
									if( *((intOrPtr*)(_t317 + 8)) == 1) {
										E6F512280( *(_t315 + 0x28) + 0x10,  *(_t315 + 0x28) + 0x10);
										_t230 = 1;
										 *(_t317 - 0x50) = 1;
										 *(_t317 - 0x44) = 1;
										goto L17;
									}
									_t233 = _t230 + 1;
									L35:
									 *( *((intOrPtr*)(_t317 - 0x70)) + 0x58) = _t233;
									__eflags = _t292;
									if(_t292 == 0) {
										E6F512280(_t233,  *(_t317 - 0x28));
									}
									 *(_t315 + 0x60) = _t307;
									goto L37;
								}
								L17:
								__eflags =  *(_t315 + 0x34) - _t307;
								if( *(_t315 + 0x34) != _t307) {
									L26:
									__eflags =  *(_t317 - 0x50);
									if( *(_t317 - 0x50) != 0) {
										_t230 = E6F50FFB0(_t272, _t307,  *(_t315 + 0x28) + 0x10);
									}
									__eflags =  *(_t317 - 0x30);
									if( *(_t317 - 0x30) == 0) {
										L71:
										_t292 =  *(_t317 - 0x54);
										L34:
										_t233 = _t307;
										goto L35;
									}
									E6F512280(_t230,  *(_t317 - 0x94));
									_t292 = 1;
									 *(_t317 - 0x54) = 1;
									__eflags =  *(_t317 - 0x24) - 0xc000022d;
									if( *(_t317 - 0x24) == 0xc000022d) {
										L69:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) == 0) {
											goto L34;
										}
										_t272 = 1;
										__eflags = 1;
										 *(_t317 - 0x60) = 1;
										E6F5830AE(_t315,  *(_t317 - 0x24),  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10));
										goto L71;
									}
									__eflags =  *(_t317 - 0x24) - 0xc0000017;
									if( *(_t317 - 0x24) == 0xc0000017) {
										goto L69;
									}
									__eflags =  *(_t315 + 0x1c);
									if( *(_t315 + 0x1c) != 0) {
										_t238 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c);
										if( *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c) > 0) {
											goto L31;
										}
										L32:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) != 0) {
											__eflags =  *(_t315 + 0x50) - _t307;
											if( *(_t315 + 0x50) > _t307) {
												 *(_t315 + 0x40) = _t307;
												 *(_t315 + 0x54) = _t307;
												 *(_t315 + 0x48) = _t307;
												 *(_t315 + 0x4c) = _t307;
												 *(_t315 + 0x50) = _t307;
												 *(_t315 + 0x5c) = _t307;
											}
										}
										goto L34;
									}
									L31:
									 *(_t315 + 0x1c) =  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10);
									goto L32;
								}
								 *(_t317 - 0x30) = 1;
								 *((intOrPtr*)(_t317 - 0x80)) = 1;
								 *((intOrPtr*)(_t317 - 0x64)) = E6F4F3E80( *((intOrPtr*)(_t317 - 0x64)));
								 *(_t317 - 4) = _t307;
								__eflags =  *(_t317 - 0x5c);
								if( *(_t317 - 0x5c) != 0) {
									_t257 =  *((intOrPtr*)(_t317 - 0x20));
									 *0x6f5eb1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t257 + 0x10)),  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)),  *((intOrPtr*)(_t317 - 0x68)),  *((intOrPtr*)(_t257 + 0x14)));
									 *(_t317 - 0x24) =  *((intOrPtr*)(_t317 - 0x2c))();
								}
								_t246 =  *(_t317 - 0x40);
								__eflags = _t246 & 0x00000010;
								if((_t246 & 0x00000010) != 0) {
									__eflags =  *(_t315 + 0x34) - _t307;
									if( *(_t315 + 0x34) != _t307) {
										goto L21;
									}
									__eflags =  *(_t317 - 0x24);
									if( *(_t317 - 0x24) >= 0) {
										L64:
										 *0x6f5eb1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)), _t307,  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)), _t307, _t307);
										 *((intOrPtr*)(_t317 - 0x2c))();
										 *(_t317 - 0x24) = _t307;
										_t246 =  *(_t317 - 0x40);
										goto L21;
									}
									__eflags =  *(_t315 + 0x20) & 0x00000004;
									if(( *(_t315 + 0x20) & 0x00000004) != 0) {
										goto L21;
									}
									goto L64;
								} else {
									L21:
									__eflags = _t246 & 0xffffffee;
									if((_t246 & 0xffffffee) != 0) {
										 *(_t317 - 0x24) = _t307;
										 *0x6f5eb1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t317 - 0x3c)), _t246);
										 *((intOrPtr*)(_t317 - 0x2c))();
									}
									_t249 = E6F517D50();
									__eflags = _t249;
									if(_t249 != 0) {
										_t252 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
									} else {
										_t252 = 0x7ffe038e;
									}
									__eflags =  *_t252;
									if( *_t252 != 0) {
										_t252 = E6F582E14( *( *((intOrPtr*)(_t317 - 0x20)) + 0x10), _t315,  *((intOrPtr*)(_t317 - 0x38)),  *((intOrPtr*)(_t317 - 0x2c)),  *(_t317 - 0x40),  *(_t317 - 0x24),  *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)));
									}
									 *(_t317 - 4) = 0xfffffffe;
									E6F4F3E6B(_t252);
									_t230 = E6F4F3E80( *((intOrPtr*)(_t317 - 0x64)));
									goto L26;
								}
							}
						}
						__eflags = _t286 & 0x00000010;
						if((_t286 & 0x00000010) == 0) {
							goto L37;
						}
						goto L14;
					}
					__eflags =  *(_t315 + 0x1c);
					if( *(_t315 + 0x1c) != 0) {
						__eflags =  *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c);
						if( *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c) > 0) {
							goto L14;
						}
						goto L40;
					}
					goto L14;
				}
			}


































                                                                                  0x6f4f3aca
                                                                                  0x6f4f3acf
                                                                                  0x6f4f3ad4
                                                                                  0x6f4f3ad9
                                                                                  0x6f4f3adb
                                                                                  0x6f4f3ae0
                                                                                  0x6f4f3ae3
                                                                                  0x6f4f3ae5
                                                                                  0x6f4f3ae8
                                                                                  0x6f4f3aeb
                                                                                  0x6f4f3aed
                                                                                  0x6f4f3af5
                                                                                  0x6f4f3af8
                                                                                  0x6f4f3afb
                                                                                  0x6f4f3afe
                                                                                  0x6f4f3b05
                                                                                  0x6f4f3b0a
                                                                                  0x6f4f3b0d
                                                                                  0x00000000
                                                                                  0x6f4f3b10
                                                                                  0x6f4f3b15
                                                                                  0x6f4f3b1a
                                                                                  0x6f4f3b21
                                                                                  0x6f4f3b30
                                                                                  0x6f4f3b30
                                                                                  0x6f4f3b33
                                                                                  0x6f4f3b33
                                                                                  0x6f4f3b36
                                                                                  0x6f4f3b39
                                                                                  0x6f4f3b3f
                                                                                  0x6f4f3b47
                                                                                  0x6f4f3b4a
                                                                                  0x6f4f3b4a
                                                                                  0x6f4f3b4f
                                                                                  0x6f4f3b4f
                                                                                  0x6f4f3b4f
                                                                                  0x6f4f3b4f
                                                                                  0x6f4f3b4f
                                                                                  0x6f4f3b54
                                                                                  0x6f4f3b5c
                                                                                  0x6f4f3b61
                                                                                  0x6f4f3b67
                                                                                  0x6f4f3b6f
                                                                                  0x6f4f3b6f
                                                                                  0x6f4f3b71
                                                                                  0x6f4f3b75
                                                                                  0x6f4f3b77
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f3e6c
                                                                                  0x6f4f3e6c
                                                                                  0x6f4f3b7d
                                                                                  0x6f4f3b7d
                                                                                  0x6f4f3b82
                                                                                  0x6f4f3b84
                                                                                  0x6f4f3b87
                                                                                  0x6f4f3b8a
                                                                                  0x6f4f3b8d
                                                                                  0x6f4f3b90
                                                                                  0x6f4f3b90
                                                                                  0x6f4f3b97
                                                                                  0x6f4f3b97
                                                                                  0x6f4f3ba7
                                                                                  0x6f4f3baa
                                                                                  0x6f4f3bad
                                                                                  0x6f4f3bad
                                                                                  0x6f4f3bb7
                                                                                  0x6f4f3bb7
                                                                                  0x6f4f3bbc
                                                                                  0x6f4f3bbf
                                                                                  0x6f4f3bc1
                                                                                  0x6f4f3bc7
                                                                                  0x6f4f3bcd
                                                                                  0x6f4f3bd5
                                                                                  0x6f4f3bd8
                                                                                  0x6f4f3bda
                                                                                  0x6f4f3be1
                                                                                  0x6f4f3be4
                                                                                  0x6f4f3be7
                                                                                  0x6f4f3bea
                                                                                  0x6f4f3bed
                                                                                  0x6f4f3d97
                                                                                  0x6f4f3d9c
                                                                                  0x6f4f3da8
                                                                                  0x6f4f3dad
                                                                                  0x6f4f3db0
                                                                                  0x6f4f3db2
                                                                                  0x6f4f3db5
                                                                                  0x6f55020b
                                                                                  0x6f550211
                                                                                  0x6f550213
                                                                                  0x6f550213
                                                                                  0x6f4f3dbb
                                                                                  0x00000000
                                                                                  0x6f4f3dbb
                                                                                  0x6f4f3bf3
                                                                                  0x6f4f3bf5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f3bfb
                                                                                  0x6f4f3bfe
                                                                                  0x6f4f3bfe
                                                                                  0x6f4f3bfe
                                                                                  0x6f4f3c02
                                                                                  0x6f4f3dd1
                                                                                  0x6f4f3dd1
                                                                                  0x6f4f3dd7
                                                                                  0x6f5500c1
                                                                                  0x6f5500c4
                                                                                  0x6f4f3c11
                                                                                  0x6f4f3c11
                                                                                  0x6f4f3c14
                                                                                  0x6f5500cf
                                                                                  0x6f5500d2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5500d8
                                                                                  0x6f5500e6
                                                                                  0x6f5500e9
                                                                                  0x6f5500ec
                                                                                  0x6f5500ef
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5500f5
                                                                                  0x6f5500dd
                                                                                  0x6f5500e0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5500e0
                                                                                  0x6f4f3c1a
                                                                                  0x6f4f3c1a
                                                                                  0x6f4f3c1d
                                                                                  0x6f4f3e20
                                                                                  0x6f4f3e23
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f3e29
                                                                                  0x6f4f3c23
                                                                                  0x6f4f3c23
                                                                                  0x6f4f3c26
                                                                                  0x6f4f3c2c
                                                                                  0x6f4f3c2f
                                                                                  0x6f4f3c35
                                                                                  0x6f4f3c3b
                                                                                  0x6f4f3c41
                                                                                  0x6f4f3c47
                                                                                  0x6f4f3c4d
                                                                                  0x6f4f3c59
                                                                                  0x6f4f3c5f
                                                                                  0x6f4f3c62
                                                                                  0x6f4f3c68
                                                                                  0x6f4f3c6a
                                                                                  0x6f4f3c6d
                                                                                  0x6f4f3c74
                                                                                  0x6f4f3c79
                                                                                  0x6f4f3c7b
                                                                                  0x6f4f3c7e
                                                                                  0x6f4f3c80
                                                                                  0x6f4f3c83
                                                                                  0x6f4f3c89
                                                                                  0x6f4f3c8b
                                                                                  0x6f4f3dea
                                                                                  0x6f4f3df1
                                                                                  0x6f4f3df2
                                                                                  0x6f4f3df5
                                                                                  0x6f4f3df8
                                                                                  0x6f4f3dfb
                                                                                  0x6f4f3dfd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f3e03
                                                                                  0x6f4f3e07
                                                                                  0x6f4f3e42
                                                                                  0x6f4f3e49
                                                                                  0x6f4f3e4a
                                                                                  0x6f4f3e4d
                                                                                  0x00000000
                                                                                  0x6f4f3e4d
                                                                                  0x6f4f3e09
                                                                                  0x6f4f3d86
                                                                                  0x6f4f3d89
                                                                                  0x6f4f3d8c
                                                                                  0x6f4f3d8e
                                                                                  0x6f4f3e31
                                                                                  0x6f4f3e31
                                                                                  0x6f4f3d94
                                                                                  0x00000000
                                                                                  0x6f4f3d94
                                                                                  0x6f4f3c91
                                                                                  0x6f4f3c91
                                                                                  0x6f4f3c94
                                                                                  0x6f4f3d23
                                                                                  0x6f4f3d23
                                                                                  0x6f4f3d27
                                                                                  0x6f4f3e16
                                                                                  0x6f4f3e16
                                                                                  0x6f4f3d2d
                                                                                  0x6f4f3d31
                                                                                  0x6f5501fe
                                                                                  0x6f5501fe
                                                                                  0x6f4f3d84
                                                                                  0x6f4f3d84
                                                                                  0x00000000
                                                                                  0x6f4f3d84
                                                                                  0x6f4f3d3d
                                                                                  0x6f4f3d44
                                                                                  0x6f4f3d45
                                                                                  0x6f4f3d48
                                                                                  0x6f4f3d4f
                                                                                  0x6f5501de
                                                                                  0x6f5501de
                                                                                  0x6f5501e2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5501ea
                                                                                  0x6f5501ea
                                                                                  0x6f5501eb
                                                                                  0x6f5501f9
                                                                                  0x00000000
                                                                                  0x6f5501f9
                                                                                  0x6f4f3d55
                                                                                  0x6f4f3d5c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f3d62
                                                                                  0x6f4f3d66
                                                                                  0x6f4f3e55
                                                                                  0x6f4f3e5e
                                                                                  0x6f4f3e60
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f3d75
                                                                                  0x6f4f3d75
                                                                                  0x6f4f3d79
                                                                                  0x6f4f3d7b
                                                                                  0x6f4f3d7e
                                                                                  0x6f5501c7
                                                                                  0x6f5501ca
                                                                                  0x6f5501cd
                                                                                  0x6f5501d0
                                                                                  0x6f5501d3
                                                                                  0x6f5501d6
                                                                                  0x6f5501d6
                                                                                  0x6f4f3d7e
                                                                                  0x00000000
                                                                                  0x6f4f3d79
                                                                                  0x6f4f3d6c
                                                                                  0x6f4f3d72
                                                                                  0x00000000
                                                                                  0x6f4f3d72
                                                                                  0x6f4f3c9d
                                                                                  0x6f4f3ca0
                                                                                  0x6f4f3cab
                                                                                  0x6f4f3cae
                                                                                  0x6f4f3cb1
                                                                                  0x6f4f3cb5
                                                                                  0x6f4f3cb7
                                                                                  0x6f4f3cd2
                                                                                  0x6f4f3cdb
                                                                                  0x6f4f3cdb
                                                                                  0x6f4f3cde
                                                                                  0x6f4f3ce1
                                                                                  0x6f4f3ce3
                                                                                  0x6f5500fa
                                                                                  0x6f5500fd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f550103
                                                                                  0x6f550107
                                                                                  0x6f550113
                                                                                  0x6f550125
                                                                                  0x6f55012b
                                                                                  0x6f55012e
                                                                                  0x6f550131
                                                                                  0x00000000
                                                                                  0x6f550131
                                                                                  0x6f550109
                                                                                  0x6f55010d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f3ce9
                                                                                  0x6f4f3ce9
                                                                                  0x6f4f3ce9
                                                                                  0x6f4f3cee
                                                                                  0x6f550139
                                                                                  0x6f550149
                                                                                  0x6f55014f
                                                                                  0x6f55014f
                                                                                  0x6f4f3cf4
                                                                                  0x6f4f3cf9
                                                                                  0x6f4f3cfb
                                                                                  0x6f550160
                                                                                  0x6f4f3d01
                                                                                  0x6f4f3d01
                                                                                  0x6f4f3d01
                                                                                  0x6f4f3d06
                                                                                  0x6f4f3d09
                                                                                  0x6f550184
                                                                                  0x6f550184
                                                                                  0x6f4f3d0f
                                                                                  0x6f4f3d16
                                                                                  0x6f4f3d1e
                                                                                  0x00000000
                                                                                  0x6f4f3d1e
                                                                                  0x6f4f3ce3
                                                                                  0x6f5500ca
                                                                                  0x6f4f3ddd
                                                                                  0x6f4f3de0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f3de2
                                                                                  0x6f4f3c08
                                                                                  0x6f4f3c0b
                                                                                  0x6f4f3dc9
                                                                                  0x6f4f3dcb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f3dcb
                                                                                  0x00000000
                                                                                  0x6f4f3c0b

                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(00000000,6F5CF4D0,00000084,6F4F3A18,00000000,?,?), ref: 6F4F3B05
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,00000000,6F5CF4D0,00000084,6F4F3A18,00000000,?,?), ref: 6F4F3B1A
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,?,?,00000000,6F5CF4D0,00000084,6F4F3A18,00000000,?,?), ref: 6F4F3C74
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$Acquire
                                                                                  • String ID:
                                                                                  • API String ID: 1021914862-0
                                                                                  • Opcode ID: aca25ed1563927d1b7493fdb1ee00e12b548e5eb27f2815be6cefabfe05f7805
                                                                                  • Instruction ID: 2ab1935ff168a538af2022ee85500109ffe5b0a991cf65fe211e36db2bd15e1b
                                                                                  • Opcode Fuzzy Hash: aca25ed1563927d1b7493fdb1ee00e12b548e5eb27f2815be6cefabfe05f7805
                                                                                  • Instruction Fuzzy Hash: DBE1F271D06648DFCB25CFA9C981A9DFBF1BF88314F10452AE55AABB60D731A842CF11
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F6D10, Relevance: 21.3, APIs: 14, Instructions: 316stringCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 96%
                                                                                  			E6F4F6D10(char* _a4, intOrPtr* _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int _v16;
				char** _v20;
				signed int _v24;
				signed int _v28;
				char* _v32;
				signed int _t97;
				char** _t99;
				void* _t108;
				long _t115;
				void* _t118;
				char* _t120;
				char** _t121;
				long _t122;
				long _t123;
				signed int _t124;
				void* _t127;
				void* _t132;
				char* _t134;
				char** _t137;
				intOrPtr _t141;
				intOrPtr _t142;
				signed int _t143;
				char _t146;
				signed int _t151;
				char* _t153;
				intOrPtr* _t155;
				void* _t156;
				void* _t157;
				void* _t161;
				void* _t162;
				char** _t170;
				intOrPtr _t172;
				intOrPtr _t173;
				intOrPtr _t175;
				intOrPtr _t177;
				signed int _t179;
				signed int _t180;
				void* _t182;
				void* _t189;

				_t97 = 0;
				_v32 = 0;
				_t170 = 0;
				_v5 = 0;
				_t180 = 0;
				_v28 = 0;
				_t143 = 0;
				_v24 = 0;
				_t179 = 0;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_t141 =  *_a4;
				while(_t141 != 0) {
					_t117 = _t97;
					if(_t117 != 0) {
						_t118 = _t117 - 1;
						if(_t118 != 0) {
							_t117 = _t118 == 1;
							if(_t118 == 1) {
								goto L3;
							}
							_t121 = _v20;
							_t177 = _v24;
							L27:
							if(_t177 != 1) {
								L32:
								_t142 = _a12;
								L52:
								_t153 = _v32;
								_t180 = _v12;
								if(_t153 == 0) {
									goto L28;
								}
								if(_t121 != 0) {
									if(_t180 > 3) {
										L14:
										return 0xc000000d;
									}
									_t122 = strtol(_t153, 0, 0xa);
									_t189 = _t189 + 0xc;
									if(_t122 > 0xff) {
										goto L14;
									}
									_t170 = _v20;
									 *(_t170 + _v28 * 2 + _t142 - 1) = _t122;
									L29:
									_t97 = _v24;
									L30:
									_t155 = _a4 + 1;
									_a4 = _t155;
									_t141 =  *_t155;
									_t143 = _v16;
									continue;
								}
								if(_t180 > 4) {
									goto L14;
								}
								_t123 = strtol(_t153, _t121, 0x10);
								_t189 = _t189 + 0xc;
								_t124 = _v28;
								 *((short*)(_t142 + _t124 * 2)) = _t123;
								_v28 = _t124 + 1;
							}
							L28:
							_t170 = _v20;
							goto L29;
						}
						_t185 = _t141;
						_t131 = E6F53CB30(_t118, _t141);
						_pop(_t161);
						if(_t131 == 0 || E6F53CC80(_t161, _t185) == 0) {
							_t132 = E6F53CB30(_t131, _t185);
							_pop(_t162);
							if(_t132 == 0 || E6F53CDD0(_t162, _t185) == 0) {
								if(_t141 == 0x3a) {
									if(_v20 != 0 || _t179 > 6) {
										L9:
										_t143 = _v16;
										goto L10;
									} else {
										_t134 = _a4 + 1;
										if( *_t134 != 0x3a) {
											_t177 = 0;
											L43:
											_t180 = _v12;
											_t179 = _t179 + 1;
											_t121 = _v20;
											L26:
											_v24 = _t177;
											goto L27;
										}
										_t143 = _v16;
										if(_t143 != 0) {
											L10:
											_t180 = _v12;
											break;
										}
										_t177 = 2;
										_t37 = _t179 + 1; // 0x1
										_a4 = _t134;
										_push(_t177);
										_v16 = _t37;
										_pop(1);
										goto L43;
									}
								}
								if(_t141 != 0x2e) {
									goto L9;
								}
								if(_v5 != 0) {
									goto L9;
								}
								_t137 = _v20;
								if(_t137 > 2 || _t179 > 6) {
									goto L9;
								} else {
									_t121 = _t137 + 1;
									_v20 = _t121;
									_v24 = 0;
									goto L32;
								}
							} else {
								_t170 = _v20;
								_t180 = _v12 + 1;
								_v12 = _t180;
								if(_t170 != 0) {
									_t143 = _v16;
									break;
								}
								_v5 = 1;
								goto L29;
							}
						} else {
							_t180 = _v12 + 1;
							_v12 = _t180;
							goto L28;
						}
					}
					L3:
					if(_t141 == 0x3a) {
						if(_t170 != 0 || _t179 != 0) {
							break;
						} else {
							_t120 = _a4 + 1;
							if( *_t120 != 0x3a) {
								break;
							}
							_t142 = _a12;
							_a4 = _t120;
							_t121 = _v20;
							_v16 = 1;
							_t151 = _v28;
							_t179 = 2;
							 *((short*)(_t142 + _t151 * 2)) = _t170;
							_t175 = _t179;
							_v28 = _t151 + 1;
							_v24 = _t175;
							goto L52;
						}
					}
					if(_t179 > 7) {
						break;
					}
					_t183 = _t141;
					_t126 = E6F53CB30(_t117, _t141);
					_pop(_t156);
					if(_t126 == 0 || E6F53CC80(_t156, _t183) == 0) {
						_t127 = E6F53CB30(_t126, _t183);
						_pop(_t157);
						if(_t127 == 0 || E6F53CDD0(_t157, _t183) == 0) {
							goto L9;
						} else {
							_t121 = _v20;
							if(_t121 != 0) {
								goto L9;
							}
							_v5 = 1;
							_t177 = 1;
							_v32 = _a4;
							_t180 = 1;
							_v12 = 1;
							goto L26;
						}
					} else {
						_t170 = _v20;
						_v32 = _a4;
						_t97 = 1;
						_v5 = 0;
						_t180 = 1;
						_v24 = 1;
						_v12 = 1;
						goto L30;
					}
				}
				 *_a8 = _a4;
				_t99 = _v20;
				if(_t99 != 0) {
					if(_t99 != 3) {
						goto L14;
					}
					_t179 = _t179 + 1;
				}
				if(_t143 != 0 || _t179 == 7) {
					_t172 = _v24;
					if(_t172 != 1) {
						if(_t172 != 2) {
							goto L14;
						}
						_t173 = _a12;
						 *((short*)(_t173 + _v28 * 2)) = 0;
						L73:
						if(_t143 != 0) {
							_t182 = _t173 + _t143 * 2;
							memmove(_t173 + (_t143 - _t179 + 8) * 2, _t182, _t179 - _t143 + _t179 - _t143);
							_t108 = 8;
							memset(_t182, 0, _t108 - _t179 + _t108 - _t179);
						}
						return 0;
					}
					if(_t99 != 0) {
						if(_t180 > 3) {
							goto L14;
						}
						_t146 = strtol(_v32, 0, 0xa);
						_t189 = _t189 + 0xc;
						if(_t146 > 0xff) {
							goto L14;
						}
						_t173 = _a12;
						 *((char*)(_v20 + _v28 * 2 + _t173)) = _t146;
						L70:
						_t143 = _v16;
						goto L73;
					}
					if(_t180 > 4) {
						goto L14;
					}
					_t115 = strtol(_v32, _t99, 0x10);
					_t173 = _a12;
					_t189 = _t189 + 0xc;
					 *((short*)(_t173 + _v28 * 2)) = _t115;
					goto L70;
				} else {
					goto L14;
				}
			}












































                                                                                  0x6f4f6d1c
                                                                                  0x6f4f6d1e
                                                                                  0x6f4f6d21
                                                                                  0x6f4f6d23
                                                                                  0x6f4f6d26
                                                                                  0x6f4f6d28
                                                                                  0x6f4f6d2b
                                                                                  0x6f4f6d2d
                                                                                  0x6f4f6d31
                                                                                  0x6f4f6d33
                                                                                  0x6f4f6d39
                                                                                  0x6f4f6d3c
                                                                                  0x6f4f6d3f
                                                                                  0x6f4f6d41
                                                                                  0x6f4f6d45
                                                                                  0x6f4f6d48
                                                                                  0x6f4f6dc7
                                                                                  0x6f4f6dca
                                                                                  0x6f551e50
                                                                                  0x6f551e53
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551e59
                                                                                  0x6f551e5c
                                                                                  0x6f4f6e3b
                                                                                  0x6f4f6e3e
                                                                                  0x6f4f6e60
                                                                                  0x6f4f6e60
                                                                                  0x6f551f34
                                                                                  0x6f551f34
                                                                                  0x6f551f37
                                                                                  0x6f551f3c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551f44
                                                                                  0x6f551f90
                                                                                  0x6f4f6db9
                                                                                  0x00000000
                                                                                  0x6f4f6db9
                                                                                  0x6f551f9b
                                                                                  0x6f551fa0
                                                                                  0x6f551fa8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551fae
                                                                                  0x6f551fb7
                                                                                  0x6f4f6e43
                                                                                  0x6f4f6e43
                                                                                  0x6f4f6e46
                                                                                  0x6f4f6e49
                                                                                  0x6f4f6e4a
                                                                                  0x6f4f6e4d
                                                                                  0x6f4f6e4f
                                                                                  0x00000000
                                                                                  0x6f4f6e4f
                                                                                  0x6f551f49
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551f53
                                                                                  0x6f551f5a
                                                                                  0x6f551f5f
                                                                                  0x6f551f62
                                                                                  0x6f551f67
                                                                                  0x6f551f67
                                                                                  0x6f4f6e40
                                                                                  0x6f4f6e40
                                                                                  0x00000000
                                                                                  0x6f4f6e40
                                                                                  0x6f4f6dd0
                                                                                  0x6f4f6dd4
                                                                                  0x6f4f6dd9
                                                                                  0x6f4f6ddc
                                                                                  0x6f4f6dea
                                                                                  0x6f4f6def
                                                                                  0x6f4f6df2
                                                                                  0x6f4f6e06
                                                                                  0x6f551e83
                                                                                  0x6f4f6d8f
                                                                                  0x6f4f6d8f
                                                                                  0x00000000
                                                                                  0x6f551e92
                                                                                  0x6f551e95
                                                                                  0x6f551e99
                                                                                  0x6f551eb8
                                                                                  0x6f551ebb
                                                                                  0x6f551ebb
                                                                                  0x6f551ebe
                                                                                  0x6f551ec0
                                                                                  0x6f4f6e38
                                                                                  0x6f4f6e38
                                                                                  0x00000000
                                                                                  0x6f4f6e38
                                                                                  0x6f551e9b
                                                                                  0x6f551ea0
                                                                                  0x6f4f6d92
                                                                                  0x6f4f6d92
                                                                                  0x00000000
                                                                                  0x6f4f6d92
                                                                                  0x6f551ea8
                                                                                  0x6f551ea9
                                                                                  0x6f551eac
                                                                                  0x6f551eaf
                                                                                  0x6f551eb0
                                                                                  0x6f551eb3
                                                                                  0x00000000
                                                                                  0x6f551eb3
                                                                                  0x6f551e83
                                                                                  0x6f4f6e0f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551ecc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551ed2
                                                                                  0x6f551ed8
                                                                                  0x00000000
                                                                                  0x6f551ee7
                                                                                  0x6f551ee7
                                                                                  0x6f551eea
                                                                                  0x6f551eed
                                                                                  0x00000000
                                                                                  0x6f551eed
                                                                                  0x6f551e64
                                                                                  0x6f551e67
                                                                                  0x6f551e6a
                                                                                  0x6f551e6b
                                                                                  0x6f551e70
                                                                                  0x6f551fc0
                                                                                  0x00000000
                                                                                  0x6f551fc0
                                                                                  0x6f551e76
                                                                                  0x00000000
                                                                                  0x6f551e76
                                                                                  0x6f4f6e57
                                                                                  0x6f4f6e5a
                                                                                  0x6f4f6e5b
                                                                                  0x00000000
                                                                                  0x6f4f6e5b
                                                                                  0x6f4f6ddc
                                                                                  0x6f4f6d4a
                                                                                  0x6f4f6d4d
                                                                                  0x6f551ef7
                                                                                  0x00000000
                                                                                  0x6f551f05
                                                                                  0x6f551f08
                                                                                  0x6f551f0c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551f12
                                                                                  0x6f551f18
                                                                                  0x6f551f1b
                                                                                  0x6f551f1e
                                                                                  0x6f551f21
                                                                                  0x6f551f26
                                                                                  0x6f551f28
                                                                                  0x6f551f2d
                                                                                  0x6f551f2e
                                                                                  0x6f551f31
                                                                                  0x00000000
                                                                                  0x6f551f31
                                                                                  0x6f551ef7
                                                                                  0x6f4f6d56
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f6d58
                                                                                  0x6f4f6d5c
                                                                                  0x6f4f6d61
                                                                                  0x6f4f6d64
                                                                                  0x6f4f6d76
                                                                                  0x6f4f6d7b
                                                                                  0x6f4f6d7e
                                                                                  0x00000000
                                                                                  0x6f4f6e1a
                                                                                  0x6f4f6e1a
                                                                                  0x6f4f6e1f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f6e2c
                                                                                  0x6f4f6e30
                                                                                  0x6f4f6e31
                                                                                  0x6f4f6e34
                                                                                  0x6f4f6e35
                                                                                  0x00000000
                                                                                  0x6f4f6e35
                                                                                  0x6f551f6f
                                                                                  0x6f551f74
                                                                                  0x6f551f77
                                                                                  0x6f551f7c
                                                                                  0x6f551f7d
                                                                                  0x6f551f81
                                                                                  0x6f551f82
                                                                                  0x6f551f85
                                                                                  0x00000000
                                                                                  0x6f551f85
                                                                                  0x6f4f6d64
                                                                                  0x6f4f6d9b
                                                                                  0x6f4f6d9d
                                                                                  0x6f4f6da2
                                                                                  0x6f551fcb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551fd1
                                                                                  0x6f551fd1
                                                                                  0x6f4f6daa
                                                                                  0x6f551fd7
                                                                                  0x6f551fdd
                                                                                  0x6f552047
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f55204d
                                                                                  0x6f552055
                                                                                  0x6f552059
                                                                                  0x6f55205b
                                                                                  0x6f55205d
                                                                                  0x6f552071
                                                                                  0x6f552078
                                                                                  0x6f552081
                                                                                  0x6f552086
                                                                                  0x00000000
                                                                                  0x6f552089
                                                                                  0x6f551fe1
                                                                                  0x6f55200d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f55201f
                                                                                  0x6f552021
                                                                                  0x6f55202a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f552039
                                                                                  0x6f55203c
                                                                                  0x6f55203f
                                                                                  0x6f55203f
                                                                                  0x00000000
                                                                                  0x6f55203f
                                                                                  0x6f551fe6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f551ff2
                                                                                  0x6f551ff7
                                                                                  0x6f551ffe
                                                                                  0x6f552004
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • __isascii.BCCB(?,?,?,00000000,?,00000000,?,00000000), ref: 6F4F6D5C
                                                                                  • isdigit.BCCB(?,?,?,00000000,?,00000000,?,00000000), ref: 6F4F6D67
                                                                                  • __isascii.BCCB(?,?,?,00000000,?,00000000,?,00000000), ref: 6F4F6D76
                                                                                  • isxdigit.BCCB(?,?,?,00000000,?,00000000,?,00000000), ref: 6F4F6D81
                                                                                  • __isascii.BCCB(00000000,?,?,00000000,?,00000000,?,00000000), ref: 6F4F6DD4
                                                                                  • isdigit.BCCB(00000000,?,?,00000000,?,00000000,?,00000000), ref: 6F4F6DDF
                                                                                  • __isascii.BCCB(00000000,?,?,00000000,?,00000000,?,00000000), ref: 6F4F6DEA
                                                                                  • isxdigit.BCCB(00000000,?,?,00000000,?,00000000,?,00000000), ref: 6F4F6DF5
                                                                                  • strtol.BCCB(?,00000000,00000010,?,?,00000000,?,00000000,?,00000000), ref: 6F551F53
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: __isascii$isdigitisxdigit$strtol
                                                                                  • String ID:
                                                                                  • API String ID: 2731936382-0
                                                                                  • Opcode ID: ce4017a68cac62f16c561abc348bc20d924df1deea31378d96b57986fe07fbb5
                                                                                  • Instruction ID: 73054169c1fd6e97fc80338dbce89b3d188959c2a109b4f87bbbca5196e141af
                                                                                  • Opcode Fuzzy Hash: ce4017a68cac62f16c561abc348bc20d924df1deea31378d96b57986fe07fbb5
                                                                                  • Instruction Fuzzy Hash: 84B1B375E4522A9BDB04CF6CC990BEEBBB5AF87304F10403AD859EB741D730AD528B91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F40E1, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 51COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 29%
                                                                                  			E6F4F40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E6F4FB150();
					} else {
						E6F4FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6F4FB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E6F4FB150(", passed to %s", _t29);
					}
					_push("\n");
					E6F4FB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x6f5e6378 = 1;
						asm("int3");
						 *0x6f5e6378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                                                                  0x6f4f40e6
                                                                                  0x6f4f40e8
                                                                                  0x6f4f40f1
                                                                                  0x6f55042d
                                                                                  0x6f55044c
                                                                                  0x6f550451
                                                                                  0x6f55042f
                                                                                  0x6f550444
                                                                                  0x6f550449
                                                                                  0x6f55045d
                                                                                  0x6f550466
                                                                                  0x6f55046e
                                                                                  0x6f550474
                                                                                  0x6f550475
                                                                                  0x6f55047a
                                                                                  0x6f55048a
                                                                                  0x6f55048c
                                                                                  0x6f550493
                                                                                  0x6f550494
                                                                                  0x6f550494
                                                                                  0x00000000
                                                                                  0x6f55049b
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,6F5B38D6), ref: 6F550444
                                                                                  • DbgPrint.BCCB(Invalid heap signature for heap at %p,?,?,?,?,?,?,?,6F5B38D6), ref: 6F55045D
                                                                                  • DbgPrint.BCCB(, passed to %s,RtlGetUserInfoHeap,?,?,?,?,?,?,6F5B38D6), ref: 6F55046E
                                                                                  • DbgPrint.BCCB(6F4D6B94,?,?,?,?,?,?,6F5B38D6), ref: 6F55047A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlGetUserInfoHeap
                                                                                  • API String ID: 3558298466-609737958
                                                                                  • Opcode ID: 6e372b3a995b99bb54b2257bde389c361ad8cf008038fe44b53996093420bb14
                                                                                  • Instruction ID: bd05d0d917a90eb395a4a492521457cf763a428306f1beb35435587eabd05466
                                                                                  • Opcode Fuzzy Hash: 6e372b3a995b99bb54b2257bde389c361ad8cf008038fe44b53996093420bb14
                                                                                  • Instruction Fuzzy Hash: 8101D832416A92DED2158764D61CF9277A4DB83778F15806FF00C47E81CB74A851C161
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F4360, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 144COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 37%
                                                                                  			E6F4F4360(signed int _a4, unsigned int _a8) {
				void* _v4;
				signed int _v8;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				intOrPtr _v76;
				signed int _v84;
				signed int _v88;
				char _v92;
				signed int _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t43;
				signed char _t46;
				signed int _t67;
				signed int _t69;
				void* _t70;
				signed int _t79;
				signed int _t82;
				signed int _t83;
				void* _t84;
				signed int _t85;
				void* _t86;
				signed int _t87;
				signed int _t89;

				_t89 = (_t87 & 0xfffffff8) - 0x5c;
				_t40 =  *0x6f5ed360 ^ _t89;
				_v8 =  *0x6f5ed360 ^ _t89;
				_push(_t85);
				if((_a4 & 0xfffffffe) != 0) {
					_push(_a4);
					_push("RtlDeactivateActivationContext");
					_push("SXS: %s() called with invalid flags 0x%08lx\n");
					L17:
					_push(0);
					_push(0x33);
					E6F585720();
					_t89 = _t89 + 0x14;
					L19:
					_push(0xc000000d);
					L21:
					L6F54DF30(_t71, _t80);
					L22:
					_t82 =  *_t85;
					_t71 = 0;
					if(_t82 == 0) {
						_t43 = 0;
					} else {
						asm("sbb eax, eax");
						_t43 =  ~( *(_t82 + 8) & 8) & _t82;
					}
					if(_t82 == 0) {
						L20:
						_push(0xc0150010);
						goto L21;
					} else {
						while(_t43 == 0 ||  *((intOrPtr*)(_t43 + 0xc)) != _t80) {
							_t82 =  *_t82;
							_t71 = _t71 + 1;
							if(_t82 == 0) {
								_t43 = 0;
							} else {
								asm("sbb eax, eax");
								_t43 =  ~( *(_t82 + 8) & 8) & _t82;
							}
							if(_t82 != 0) {
								continue;
							}
							break;
						}
						if(_t82 == 0) {
							goto L20;
						}
						_v84 = _v84 & 0x00000000;
						_v88 = _v88 & 0x00000000;
						_push( &_v92);
						_v76 = 3;
						_v72 = _t71;
						_v68 = _t82;
						_v64 = _t85;
						_v92 = 0xc015000f;
						E6F54DEF0(_t71, _t80);
						L8:
						_t83 =  *_t82;
						do {
							_t46 =  *(_t85 + 8);
							_t69 =  *_t85;
							if((_t46 & 0x00000001) != 0) {
								E6F529B10( *((intOrPtr*)(_t85 + 4)));
								_t46 =  *(_t85 + 8);
							}
							if((_t46 & 0x00000008) != 0) {
								_t80 = _t85;
								E6F4F4439(_v88, _t85);
							}
							_t85 = _t69;
						} while (_t69 != _t83);
						_t40 = _v88;
						 *_v88 = _t83;
						L14:
						_pop(_t84);
						_pop(_t86);
						_pop(_t70);
						return E6F53B640(_t40, _t70,  *(_t89 + 0x64) ^ _t89, _t80, _t84, _t86);
					}
				}
				_t80 = _a8;
				if(_t80 == 0) {
					goto L14;
				}
				if((_t80 & 0xf0000000) != 0x10000000) {
					_push(_t80);
					_push("RtlDeactivateActivationContext");
					_push("SXS: %s() called with invalid cookie type 0x%08Ix\n");
					goto L17;
				}
				_t85 = 0xfff;
				_t71 = _t80 >> 0x00000010 ^  *( *( *[fs:0x18] + 0x1a8) + 0x14);
				_t40 =  *( *[fs:0x18] + 0x1a8);
				if((0x00000fff & (_t80 >> 0x00000010 ^  *( *( *[fs:0x18] + 0x1a8) + 0x14))) != 0) {
					_push( *(_t40 + 0x14) & 0x00000fff);
					_push(_t80);
					E6F585720(0x33, 0, "SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix\n", "RtlDeactivateActivationContext");
					_t89 = _t89 + 0x18;
					goto L19;
				}
				_t85 =  *_t40;
				_v96 = _t40;
				if(_t85 == 0) {
					goto L14;
				}
				_t67 =  *(_t85 + 8) & 0x00000008;
				asm("sbb ecx, ecx");
				_t79 =  ~_t67 & _t85;
				if(_t67 == 0 ||  *((intOrPtr*)(_t79 + 0xc)) != _t80) {
					goto L22;
				} else {
					_t82 = _t85;
					goto L8;
				}
			}






























                                                                                  0x6f4f4368
                                                                                  0x6f4f4370
                                                                                  0x6f4f4372
                                                                                  0x6f4f437e
                                                                                  0x6f4f4380
                                                                                  0x6f55072a
                                                                                  0x6f55072d
                                                                                  0x6f550732
                                                                                  0x6f550744
                                                                                  0x6f550744
                                                                                  0x6f550746
                                                                                  0x6f550748
                                                                                  0x6f55074d
                                                                                  0x6f55076f
                                                                                  0x6f55076f
                                                                                  0x6f55077b
                                                                                  0x6f55077b
                                                                                  0x6f550780
                                                                                  0x6f550780
                                                                                  0x6f550782
                                                                                  0x6f550786
                                                                                  0x6f550798
                                                                                  0x6f550788
                                                                                  0x6f550792
                                                                                  0x6f550794
                                                                                  0x6f550794
                                                                                  0x6f55079c
                                                                                  0x6f550776
                                                                                  0x6f550776
                                                                                  0x00000000
                                                                                  0x6f55079e
                                                                                  0x6f55079e
                                                                                  0x6f5507a7
                                                                                  0x6f5507a9
                                                                                  0x6f5507ac
                                                                                  0x6f5507be
                                                                                  0x6f5507ae
                                                                                  0x6f5507b8
                                                                                  0x6f5507ba
                                                                                  0x6f5507ba
                                                                                  0x6f5507c2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5507c2
                                                                                  0x6f5507c6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5507c8
                                                                                  0x6f5507d1
                                                                                  0x6f5507d6
                                                                                  0x6f5507d7
                                                                                  0x6f5507df
                                                                                  0x6f5507e3
                                                                                  0x6f5507e7
                                                                                  0x6f5507eb
                                                                                  0x6f5507f3
                                                                                  0x6f4f43fb
                                                                                  0x6f4f43fb
                                                                                  0x6f4f43fd
                                                                                  0x6f4f43fd
                                                                                  0x6f4f4400
                                                                                  0x6f4f4404
                                                                                  0x6f550800
                                                                                  0x6f550805
                                                                                  0x6f550805
                                                                                  0x6f4f440c
                                                                                  0x6f4f4412
                                                                                  0x6f4f4414
                                                                                  0x6f4f4414
                                                                                  0x6f4f4419
                                                                                  0x6f4f441b
                                                                                  0x6f4f441f
                                                                                  0x6f4f4423
                                                                                  0x6f4f4425
                                                                                  0x6f4f4429
                                                                                  0x6f4f442a
                                                                                  0x6f4f442b
                                                                                  0x6f4f4436
                                                                                  0x6f4f4436
                                                                                  0x6f55079c
                                                                                  0x6f4f4386
                                                                                  0x6f4f438b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f439d
                                                                                  0x6f550739
                                                                                  0x6f55073a
                                                                                  0x6f55073f
                                                                                  0x00000000
                                                                                  0x6f55073f
                                                                                  0x6f4f43ae
                                                                                  0x6f4f43b9
                                                                                  0x6f4f43c2
                                                                                  0x6f4f43ca
                                                                                  0x6f550757
                                                                                  0x6f550758
                                                                                  0x6f550767
                                                                                  0x6f55076c
                                                                                  0x00000000
                                                                                  0x6f55076c
                                                                                  0x6f4f43d0
                                                                                  0x6f4f43d2
                                                                                  0x6f4f43d8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f43dd
                                                                                  0x6f4f43e4
                                                                                  0x6f4f43e6
                                                                                  0x6f4f43ea
                                                                                  0x00000000
                                                                                  0x6f4f43f9
                                                                                  0x6f4f43f9
                                                                                  0x00000000
                                                                                  0x6f4f43f9

                                                                                  APIs
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS: %s() called with invalid flags 0x%08lx,RtlDeactivateActivationContext,FFFFFFFE), ref: 6F550748
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix,RtlDeactivateActivationContext,?,?), ref: 6F550767
                                                                                  • RtlRaiseStatus.BCCB(C000000D), ref: 6F55077B
                                                                                  • RtlRaiseException.BCCB(?,?,?), ref: 6F5507F3
                                                                                  • RtlReleaseActivationContext.BCCB(?), ref: 6F550800
                                                                                  Strings
                                                                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 6F550732
                                                                                  • RtlDeactivateActivationContext, xrefs: 6F55072D, 6F55073A, 6F550759
                                                                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 6F55073F
                                                                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 6F55075E
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: PrintRaise$ActivationContextExceptionReleaseStatus
                                                                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                  • API String ID: 1148088771-1245972979
                                                                                  • Opcode ID: ac16853edbd3d1f669d0db18b93a63034d7c0ea5cf04a310ee2672b512da68db
                                                                                  • Instruction ID: 9f081d240c418e659250ed1913f262c77fbc1b9b7bca1f9ed9fe5c591f09ecb5
                                                                                  • Opcode Fuzzy Hash: ac16853edbd3d1f669d0db18b93a63034d7c0ea5cf04a310ee2672b512da68db
                                                                                  • Instruction Fuzzy Hash: E541B431664B129BD711CE29C941B56B3A1EFC0769F10993FE8699BB80DB34EC118F91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F0BD0, Relevance: 15.3, APIs: 10, Instructions: 272COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E6F4F0BD0(wchar_t* _a4, wchar_t** _a8, intOrPtr _a12) {
				char _v5;
				wchar_t* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				wchar_t* _v28;
				signed int _v32;
				long _t110;
				wchar_t** _t113;
				wchar_t* _t114;
				wchar_t* _t115;
				long _t116;
				long _t117;
				signed int _t118;
				int _t121;
				int _t122;
				void* _t123;
				wchar_t** _t126;
				int _t127;
				int _t128;
				wchar_t** _t129;
				signed int _t130;
				wchar_t* _t134;
				char _t135;
				wchar_t** _t138;
				char _t141;
				wchar_t** _t144;
				intOrPtr _t145;
				wchar_t* _t146;
				signed int _t147;
				long _t150;
				wchar_t** _t151;
				void* _t153;
				intOrPtr _t154;
				wchar_t* _t155;
				void* _t157;

				_t146 = _a4;
				_t144 = 0;
				_t129 = 0;
				_v20 = 0;
				_v28 = 0;
				_v5 = 0;
				_t150 =  *_t146 & 0x0000ffff;
				_v12 = 0;
				_v16 = 0;
				_v32 = 0;
				_v24 = 0;
				if(_t150 == 0) {
					_t134 = 0;
					L10:
					_t151 = _v20;
					 *_a8 = _t146;
					if(_t151 != 0) {
						if(_t151 != 3) {
							L13:
							return 0xc000000d;
						}
						_t134 = _t134 + 1;
						_v12 = _t134;
					}
					_t147 = _v32;
					if(_t147 != 0 || _t134 == 7) {
						if(_t129 != 1) {
							if(_t129 != 2) {
								goto L13;
							}
							_t145 = _a12;
							 *((short*)(_t145 + _v24 * 2)) = 0;
							L68:
							if(_t147 != 0) {
								_t153 = _t145 + _t147 * 2;
								_t89 = _t145 + 0x10; // 0x10
								memmove(_t89 + (_t147 - _t134) * 2, _t153, _t134 - _t147 + _t134 - _t147);
								memset(_t153, 0, 8 - _v12 + 8 - _v12);
							}
							return 0;
						}
						if(_t151 != 0) {
							if(_v16 > 3) {
								goto L13;
							}
							_t135 = wcstol(_v28, 0, 0xa);
							_t157 = _t157 + 0xc;
							if(_t135 > 0xff) {
								goto L13;
							}
							_t145 = _a12;
							 *((char*)(_t151 + _v24 * 2 + _t145)) = _t135;
							_t134 = _v12;
							goto L68;
						}
						if(_v16 > 4) {
							goto L13;
						}
						_t110 = wcstol(_v28, _t151, 0x10);
						_t145 = _a12;
						_t157 = _t157 + 0xc;
						 *((short*)(_t145 + _v24 * 2)) = _t110;
						_t134 = _v12;
						goto L68;
					} else {
						goto L13;
					}
				} else {
					goto L1;
				}
				do {
					L1:
					_t113 = _t129;
					if(_t113 == 0) {
						L15:
						if(_t150 == 0x3a) {
							if(_t144 != 0 || _v12 > _t144) {
								L9:
								_t134 = _v12;
								goto L10;
							} else {
								_t114 =  &(_t146[0]);
								if(_t146[0] != 0x3a) {
									goto L9;
								}
								_t130 = _v24;
								_t154 = _a12;
								_v32 = 1;
								_v12 = 2;
								 *((short*)(_t154 + _t130 * 2)) = 0;
								_v24 = 1 + _t130;
								_t146 = _t114;
								_t47 =  &(_t144[0]); // 0x2
								_t129 = _t47;
								L49:
								_t115 = _v28;
								if(_t115 == 0) {
									goto L24;
								}
								if(_t144 != 0) {
									if(_v16 > 3) {
										goto L13;
									}
									_t116 = wcstol(_t115, 0, 0xa);
									_t157 = _t157 + 0xc;
									if(_t116 > 0xff) {
										goto L13;
									}
									_t144 = _v20;
									 *(_t144 + _v24 * 2 + _t154 - 1) = _t116;
									_t141 = _v5;
									goto L24;
								}
								if(_v16 > 4) {
									goto L13;
								}
								_t117 = wcstol(_t115, _t144, 0x10);
								_t144 = _v20;
								_t157 = _t157 + 0xc;
								_t118 = _v24;
								 *((short*)(_t154 + _t118 * 2)) = _t117;
								_t141 = _v5;
								_v24 = 1 + _t118;
								goto L24;
							}
						}
						_t134 = _v12;
						if(_t134 > 7 || _t150 >= 0x80) {
							goto L10;
						} else {
							_t121 = iswctype(_t150, 4);
							_t157 = _t157 + 8;
							if(_t121 != 0) {
								_t144 = _v20;
								_t129 = 1;
								_t138 = 0;
								_v28 = _t146;
								_v16 = 1;
								L23:
								_v5 = _t138;
								goto L24;
							}
							_t122 = iswctype(_t150, 0x80);
							_t157 = _t157 + 8;
							if(_t122 == 0) {
								goto L9;
							}
							_t144 = _v20;
							if(_t144 != 0) {
								goto L9;
							}
							_t129 = 1;
							_v28 = _t146;
							_v16 = 1;
							L22:
							_t138 = 1;
							goto L23;
						}
					}
					_t123 = _t113 - 1;
					if(_t123 != 0) {
						if(_t123 == 1) {
							goto L15;
						}
						L39:
						if(_t129 == 1) {
							goto L24;
						}
						_t154 = _a12;
						goto L49;
					}
					if(_t150 >= 0x80) {
						L7:
						if(_t150 == 0x3a) {
							if(_t144 != 0) {
								goto L9;
							}
							_t155 = _v12;
							if(_t155 > 6) {
								goto L9;
							}
							if(_t146[0] != 0x3a) {
								_t129 = 0;
								_t126 = 1;
								L38:
								_v12 = _t155 + _t126;
								goto L39;
							}
							if(_v32 != _t144) {
								goto L9;
							}
							_t146 =  &(_t146[0]);
							_v32 = _t155 + 1;
							_t129 = 2;
							_t126 = 2;
							goto L38;
						}
						if(_t150 == 0x2e) {
							if(_t141 != 0 || _t144 > 2 || _v12 > 6) {
								goto L9;
							} else {
								_t154 = _a12;
								_t144 =  &(_t144[0]);
								_v20 = _t144;
								_t129 = 0;
								goto L49;
							}
						}
						goto L9;
					}
					_t127 = iswctype(_t150, 4);
					_t157 = _t157 + 8;
					if(_t127 != 0) {
						_v16 = 1 + _v16;
						_t141 = _v5;
						_t144 = _v20;
						goto L24;
					}
					_t128 = iswctype(_t150, 0x80);
					_t144 = _v20;
					_t157 = _t157 + 8;
					if(_t128 != 0) {
						_v16 =  &(_v16[0]);
						if(_t144 == 0) {
							goto L22;
						}
						goto L9;
					}
					_t141 = _v5;
					goto L7;
					L24:
					_t150 = _t146[0] & 0x0000ffff;
					_t146 =  &(_t146[0]);
				} while (_t150 != 0);
				goto L9;
			}







































                                                                                  0x6f4f0bdb
                                                                                  0x6f4f0bde
                                                                                  0x6f4f0be0
                                                                                  0x6f4f0be2
                                                                                  0x6f4f0be7
                                                                                  0x6f4f0bea
                                                                                  0x6f4f0bed
                                                                                  0x6f4f0bf0
                                                                                  0x6f4f0bf3
                                                                                  0x6f4f0bf6
                                                                                  0x6f4f0bf9
                                                                                  0x6f4f0bff
                                                                                  0x6f4f0d14
                                                                                  0x6f4f0c69
                                                                                  0x6f4f0c6c
                                                                                  0x6f4f0c6f
                                                                                  0x6f4f0c73
                                                                                  0x6f54e8fd
                                                                                  0x6f4f0c8d
                                                                                  0x00000000
                                                                                  0x6f4f0c8d
                                                                                  0x6f54e903
                                                                                  0x6f54e904
                                                                                  0x6f54e904
                                                                                  0x6f4f0c79
                                                                                  0x6f4f0c7e
                                                                                  0x6f54e90f
                                                                                  0x6f54e97b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e981
                                                                                  0x6f54e989
                                                                                  0x6f54e98d
                                                                                  0x6f54e98f
                                                                                  0x6f54e993
                                                                                  0x6f54e99d
                                                                                  0x6f54e9a5
                                                                                  0x6f54e9b8
                                                                                  0x6f54e9bd
                                                                                  0x00000000
                                                                                  0x6f54e9c0
                                                                                  0x6f54e913
                                                                                  0x6f54e944
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e956
                                                                                  0x6f54e958
                                                                                  0x6f54e961
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e96a
                                                                                  0x6f54e970
                                                                                  0x6f54e973
                                                                                  0x00000000
                                                                                  0x6f54e973
                                                                                  0x6f54e919
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e925
                                                                                  0x6f54e92a
                                                                                  0x6f54e931
                                                                                  0x6f54e937
                                                                                  0x6f54e93b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f0c05
                                                                                  0x6f4f0c05
                                                                                  0x6f4f0c07
                                                                                  0x6f4f0c0a
                                                                                  0x6f4f0c9b
                                                                                  0x6f4f0c9f
                                                                                  0x6f54e82f
                                                                                  0x6f4f0c66
                                                                                  0x6f4f0c66
                                                                                  0x00000000
                                                                                  0x6f54e83e
                                                                                  0x6f54e843
                                                                                  0x6f54e846
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e84c
                                                                                  0x6f54e851
                                                                                  0x6f54e854
                                                                                  0x6f54e85b
                                                                                  0x6f54e862
                                                                                  0x6f54e867
                                                                                  0x6f54e86a
                                                                                  0x6f54e86c
                                                                                  0x6f54e86c
                                                                                  0x6f54e86f
                                                                                  0x6f54e86f
                                                                                  0x6f54e874
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e87c
                                                                                  0x6f54e8b2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e8bd
                                                                                  0x6f54e8c2
                                                                                  0x6f54e8ca
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e8d0
                                                                                  0x6f54e8d9
                                                                                  0x6f54e8dd
                                                                                  0x00000000
                                                                                  0x6f54e8dd
                                                                                  0x6f54e882
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e88c
                                                                                  0x6f54e891
                                                                                  0x6f54e898
                                                                                  0x6f54e89b
                                                                                  0x6f54e89e
                                                                                  0x6f54e8a3
                                                                                  0x6f54e8a6
                                                                                  0x00000000
                                                                                  0x6f54e8a6
                                                                                  0x6f54e82f
                                                                                  0x6f4f0ca5
                                                                                  0x6f4f0cab
                                                                                  0x00000000
                                                                                  0x6f4f0cb7
                                                                                  0x6f4f0cba
                                                                                  0x6f4f0cbf
                                                                                  0x6f4f0cc4
                                                                                  0x6f54e8e5
                                                                                  0x6f54e8e8
                                                                                  0x6f54e8ed
                                                                                  0x6f54e8ef
                                                                                  0x6f54e8f2
                                                                                  0x6f4f0cf0
                                                                                  0x6f4f0cf0
                                                                                  0x00000000
                                                                                  0x6f4f0cf0
                                                                                  0x6f4f0cd0
                                                                                  0x6f4f0cd5
                                                                                  0x6f4f0cda
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f0cdc
                                                                                  0x6f4f0ce1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f0ce3
                                                                                  0x6f4f0ce8
                                                                                  0x6f4f0ceb
                                                                                  0x6f4f0cee
                                                                                  0x6f4f0cee
                                                                                  0x00000000
                                                                                  0x6f4f0cee
                                                                                  0x6f4f0cab
                                                                                  0x6f4f0c10
                                                                                  0x6f4f0c13
                                                                                  0x6f54e7a1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e7f9
                                                                                  0x6f54e7fc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e802
                                                                                  0x00000000
                                                                                  0x6f54e802
                                                                                  0x6f4f0c21
                                                                                  0x6f4f0c52
                                                                                  0x6f4f0c56
                                                                                  0x6f54e7b9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e7bf
                                                                                  0x6f54e7c5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e7d0
                                                                                  0x6f54e7ed
                                                                                  0x6f54e7ef
                                                                                  0x6f54e7f4
                                                                                  0x6f54e7f6
                                                                                  0x00000000
                                                                                  0x6f54e7f6
                                                                                  0x6f54e7d5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f54e7de
                                                                                  0x6f54e7e1
                                                                                  0x6f54e7e4
                                                                                  0x6f54e7e9
                                                                                  0x00000000
                                                                                  0x6f54e7e9
                                                                                  0x6f4f0c60
                                                                                  0x6f54e809
                                                                                  0x00000000
                                                                                  0x6f54e822
                                                                                  0x6f54e822
                                                                                  0x6f54e825
                                                                                  0x6f54e826
                                                                                  0x6f54e829
                                                                                  0x00000000
                                                                                  0x6f54e829
                                                                                  0x6f54e809
                                                                                  0x00000000
                                                                                  0x6f4f0c60
                                                                                  0x6f4f0c26
                                                                                  0x6f4f0c2b
                                                                                  0x6f4f0c30
                                                                                  0x6f54e7a9
                                                                                  0x6f54e7ac
                                                                                  0x6f54e7af
                                                                                  0x00000000
                                                                                  0x6f54e7af
                                                                                  0x6f4f0c3c
                                                                                  0x6f4f0c41
                                                                                  0x6f4f0c44
                                                                                  0x6f4f0c49
                                                                                  0x6f4f0d08
                                                                                  0x6f4f0d0d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f4f0d0f
                                                                                  0x6f4f0c4f
                                                                                  0x00000000
                                                                                  0x6f4f0cf3
                                                                                  0x6f4f0cf3
                                                                                  0x6f4f0cf7
                                                                                  0x6f4f0cfa
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • iswctype.BCCB(?,00000004,00000000,?,00000000,?,?,00000000,00000000), ref: 6F4F0C26
                                                                                  • iswctype.BCCB(?,00000080,?,00000000,?,?,00000000,00000000), ref: 6F4F0C3C
                                                                                  • iswctype.BCCB(?,00000004,00000000,?,00000000,?,?,00000000,00000000), ref: 6F4F0CBA
                                                                                  • iswctype.BCCB(?,00000080,?,00000000,?,?,00000000,00000000), ref: 6F4F0CD0
                                                                                  • wcstol.BCCB(?,00000000,00000010,00000000,?,00000000), ref: 6F54E88C
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: iswctype$wcstol
                                                                                  • String ID:
                                                                                  • API String ID: 3196148086-0
                                                                                  • Opcode ID: e8cce5817cc4ce449349599480dfbb7a9bb6f94171a4a7226f78549168923cd8
                                                                                  • Instruction ID: 01fb41d1315de2471eb26d570984456d59123cbd388f747973b1cd103ac1d450
                                                                                  • Opcode Fuzzy Hash: e8cce5817cc4ce449349599480dfbb7a9bb6f94171a4a7226f78549168923cd8
                                                                                  • Instruction Fuzzy Hash: F691B175D052569BDB28CF6DC980BDFB7B1FFC1304F108126D858AB741E231AA46CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F51F86D, Relevance: 15.1, APIs: 10, Instructions: 124threadmemoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 93%
                                                                                  			E6F51F86D(void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t31;
				signed int _t40;
				signed int _t45;
				signed int _t46;
				signed int _t48;
				signed int _t50;
				signed int _t53;
				intOrPtr _t60;
				signed int* _t66;
				signed int _t67;
				signed int* _t70;
				void* _t71;

				_t64 = __edx;
				_t61 = __ecx;
				_push(0x1c);
				_push(0x6f5cfeb8);
				E6F54D08C(__ebx, __edi, __esi);
				_t60 = __edx;
				 *((intOrPtr*)(_t71 - 0x28)) = __edx;
				_t70 = __ecx;
				 *((intOrPtr*)(_t71 - 0x2c)) = __ecx;
				_t66 =  *(_t71 + 8);
				if(_t66 == 0 || __ecx == 0 || __edx == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E6F5C88F5(_t60, _t61, _t64, _t66, _t70, __eflags);
					_t31 = 0xc000000d;
					goto L9;
				} else {
					if( *__ecx == 0) {
						L10:
						 *(_t71 - 0x20) =  *(_t71 - 0x20) & 0x00000000;
						_t67 = E6F523E70(_t71 - 0x20, 0);
						 *(_t71 - 0x24) = _t67;
						__eflags = _t67;
						if(_t67 < 0) {
							L24:
							_t31 = _t67;
							L9:
							return E6F54D0D1(_t31);
						}
						E6F512280(_t36, _t60);
						 *(_t71 - 4) = 1;
						__eflags =  *_t70;
						if( *_t70 != 0) {
							asm("lock inc dword [eax]");
							L21:
							 *(_t71 - 4) = 0xfffffffe;
							E6F51F9DD(_t60);
							_t40 =  *(_t71 - 0x20);
							__eflags = _t40;
							if(__eflags != 0) {
								_push(_t40);
								E6F4F9100(_t60, _t61, _t67, _t70, __eflags);
							}
							__eflags = _t67;
							if(_t67 >= 0) {
								 *( *(_t71 + 8)) =  *_t70;
							}
							goto L24;
						}
						__eflags = _t70 - 0x6f5e86c0;
						if(_t70 != 0x6f5e86c0) {
							__eflags = _t70 - 0x6f5e86b8;
							if(_t70 != 0x6f5e86b8) {
								L20:
								 *_t70 =  *(_t71 - 0x20);
								_t20 = _t71 - 0x20;
								 *_t20 =  *(_t71 - 0x20) & 0x00000000;
								__eflags =  *_t20;
								goto L21;
							}
							E6F525AA0(_t61,  *(_t71 - 0x20), 1);
							_t45 = E6F4F95F0( *(_t71 - 0x20), 1);
							L27:
							_t67 = _t45;
							__eflags = _t67;
							 *(_t71 - 0x24) = _t67;
							if(_t67 >= 0) {
								goto L20;
							}
							goto L21;
						}
						_t46 =  *0x6f5e8754;
						__eflags = _t46;
						if(_t46 != 0) {
							E6F525AA0(_t61,  *(_t71 - 0x20), _t46);
						} else {
							_t50 =  *0x7ffe03c0 << 3;
							__eflags = _t50 - 0x300;
							if(_t50 < 0x300) {
								_t50 = 0x300;
							}
							E6F525AA0(0x300,  *(_t71 - 0x20), _t50);
							_t53 =  *0x7ffe03c0 << 2;
							_t61 = 0x180;
							__eflags = _t53 - 0x180;
							if(_t53 < 0x180) {
								_t53 = 0x180;
							}
							E6F535C70( *(_t71 - 0x20), _t53);
						}
						_t48 =  *0x6f5e8750;
						__eflags = _t48;
						if(_t48 != 0) {
							_t45 = E6F4FB8F0( *(_t71 - 0x20), _t48);
							goto L27;
						} else {
							goto L20;
						}
					}
					 *((char*)(_t71 - 0x19)) = 0;
					E6F51FAD0(__edx);
					 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
					if( *_t70 != 0) {
						asm("lock inc dword [eax]");
						 *_t66 =  *_t70;
						 *((char*)(_t71 - 0x19)) = 1;
					}
					 *(_t71 - 4) = 0xfffffffe;
					E6F51F9D6(_t60);
					if( *((char*)(_t71 - 0x19)) == 0) {
						goto L10;
					} else {
						_t31 = 0;
						goto L9;
					}
				}
			}















                                                                                  0x6f51f86d
                                                                                  0x6f51f86d
                                                                                  0x6f51f86d
                                                                                  0x6f51f86f
                                                                                  0x6f51f874
                                                                                  0x6f51f879
                                                                                  0x6f51f87b
                                                                                  0x6f51f87e
                                                                                  0x6f51f880
                                                                                  0x6f51f883
                                                                                  0x6f51f888
                                                                                  0x6f5647c9
                                                                                  0x6f5647ce
                                                                                  0x00000000
                                                                                  0x6f51f8b1
                                                                                  0x6f51f8b4
                                                                                  0x6f51f8f1
                                                                                  0x6f51f8f1
                                                                                  0x6f51f900
                                                                                  0x6f51f902
                                                                                  0x6f51f905
                                                                                  0x6f51f907
                                                                                  0x6f51f9a9
                                                                                  0x6f51f9a9
                                                                                  0x6f51f8e9
                                                                                  0x6f51f8ee
                                                                                  0x6f51f8ee
                                                                                  0x6f51f90e
                                                                                  0x6f51f913
                                                                                  0x6f51f91c
                                                                                  0x6f51f91e
                                                                                  0x6f51f9e4
                                                                                  0x6f51f98b
                                                                                  0x6f51f98b
                                                                                  0x6f51f992
                                                                                  0x6f51f997
                                                                                  0x6f51f99a
                                                                                  0x6f51f99c
                                                                                  0x6f51f9e9
                                                                                  0x6f51f9ea
                                                                                  0x6f51f9ea
                                                                                  0x6f51f99e
                                                                                  0x6f51f9a0
                                                                                  0x6f51f9a7
                                                                                  0x6f51f9a7
                                                                                  0x00000000
                                                                                  0x6f51f9a0
                                                                                  0x6f51f924
                                                                                  0x6f51f92a
                                                                                  0x6f51f9b0
                                                                                  0x6f51f9b6
                                                                                  0x6f51f982
                                                                                  0x6f51f985
                                                                                  0x6f51f987
                                                                                  0x6f51f987
                                                                                  0x6f51f987
                                                                                  0x00000000
                                                                                  0x6f51f987
                                                                                  0x6f51f9be
                                                                                  0x6f51f9c6
                                                                                  0x6f51f9cb
                                                                                  0x6f51f9cb
                                                                                  0x6f51f9cd
                                                                                  0x6f51f9cf
                                                                                  0x6f51f9d2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f51f9d4
                                                                                  0x6f51f930
                                                                                  0x6f51f935
                                                                                  0x6f51f937
                                                                                  0x6f5647a3
                                                                                  0x6f51f93d
                                                                                  0x6f51f942
                                                                                  0x6f51f94a
                                                                                  0x6f51f94c
                                                                                  0x6f51f94e
                                                                                  0x6f51f94e
                                                                                  0x6f51f954
                                                                                  0x6f51f95e
                                                                                  0x6f51f961
                                                                                  0x6f51f966
                                                                                  0x6f51f968
                                                                                  0x6f51f96a
                                                                                  0x6f51f96a
                                                                                  0x6f51f970
                                                                                  0x6f51f970
                                                                                  0x6f51f975
                                                                                  0x6f51f97a
                                                                                  0x6f51f97c
                                                                                  0x6f5647b1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f51f97c
                                                                                  0x6f51f8b6
                                                                                  0x6f51f8bb
                                                                                  0x6f51f8c0
                                                                                  0x6f51f8c8
                                                                                  0x6f51f8ca
                                                                                  0x6f51f8cf
                                                                                  0x6f51f8d1
                                                                                  0x6f51f8d1
                                                                                  0x6f51f8d5
                                                                                  0x6f51f8dc
                                                                                  0x6f51f8e5
                                                                                  0x00000000
                                                                                  0x6f51f8e7
                                                                                  0x6f51f8e7
                                                                                  0x00000000
                                                                                  0x6f51f8e7
                                                                                  0x6f51f8e5

                                                                                  APIs
                                                                                  • RtlAcquireSRWLockShared.BCCB(?,?,?,?,6F5CFEB8,0000001C,6F4F2C4C,?), ref: 6F51F8BB
                                                                                  • TpAllocPool.BCCB(00000000,00000000,?,?,?,6F5CFEB8,0000001C,6F4F2C4C,?), ref: 6F51F8FB
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,00000000,00000000,?,?,?,6F5CFEB8,0000001C,6F4F2C4C,?), ref: 6F51F90E
                                                                                  • TpSetPoolMaxThreads.BCCB(00000000,7FFE03C0,?,00000000,00000000,?,?,?,6F5CFEB8,0000001C,6F4F2C4C,?), ref: 6F51F954
                                                                                  • TpSetPoolMaxThreadsSoftLimit.BCCB(00000000,7FFE03C0,00000000,7FFE03C0,?,00000000,00000000,?,?,?,6F5CFEB8,0000001C,6F4F2C4C,?), ref: 6F51F970
                                                                                  • TpSetPoolMaxThreads.BCCB(00000000,00000001,?,00000000,00000000,?,?,?,6F5CFEB8,0000001C,6F4F2C4C,?), ref: 6F51F9BE
                                                                                  • TpSetPoolMinThreads.BCCB(00000000,00000001,00000000,00000001,?,00000000,00000000,?,?,?,6F5CFEB8,0000001C,6F4F2C4C,?), ref: 6F51F9C6
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Pool$Threads$AcquireLock$AllocExclusiveLimitSharedSoft
                                                                                  • String ID:
                                                                                  • API String ID: 4196657934-0
                                                                                  • Opcode ID: 3eebe031a664484acb60a99226ac46a9fb0d5412d626f4dea19271043cf04506
                                                                                  • Instruction ID: cacea781be458b78fd518e960167d054e86724fca7a55321ab7a4e730829b5df
                                                                                  • Opcode Fuzzy Hash: 3eebe031a664484acb60a99226ac46a9fb0d5412d626f4dea19271043cf04506
                                                                                  • Instruction Fuzzy Hash: 8B418F71A08305EFEB11DFA8C840BADB6F5BF8A718F10053AE454EB295D775AC418BA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F71D0, Relevance: 13.7, APIs: 9, Instructions: 162COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 85%
                                                                                  			E6F4F71D0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, short* _a16) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _t35;
				void* _t39;
				void* _t40;
				void* _t41;
				void* _t43;
				void* _t49;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t66;
				void* _t69;
				void* _t70;
				void* _t72;
				void* _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				intOrPtr* _t82;
				signed int _t83;
				signed int _t84;
				short* _t85;
				intOrPtr _t86;
				intOrPtr* _t87;
				intOrPtr* _t88;

				if(_a4 == 0 || _a12 == 0) {
					L4:
					return 0xc000000d;
				} else {
					_t85 = _a16;
					if(_t85 == 0 || E6F4F7220(_a4, _a8,  &_v12, _a12) < 0) {
						goto L4;
					} else {
						_t87 = _v12;
						_t35 =  *_t87;
						if(_t35 != 0x3a) {
							if(_t35 != 0) {
								goto L4;
							}
							_v8 = _v8 & 0x00000000;
							L37:
							 *_t85 = _v8;
							return 0;
						}
						_v8 = _v8 & 0x00000000;
						_t88 = _t87 + 1;
						_t38 = 0xa;
						_v12 = _t38;
						_t83 = 0x10;
						if( *_t88 == 0x30) {
							_t12 = _t88 + 1; // 0x2
							_t82 = _t12;
							_v12 = 8;
							_t88 = _t82;
							_t38 =  *_t88;
							if(_t38 == 0x78 || _t38 == 0x58) {
								_v12 = _t83;
								_t15 = _t82 + 1; // 0x3
								_t88 = _t15;
							}
						}
						_t66 =  *_t88;
						if(_t66 == 0) {
							L33:
							if(_t66 != 0) {
								goto L37;
							}
							goto L4;
						} else {
							do {
								_t86 = _t66;
								_t88 = _t88 + 1;
								_t39 = E6F53CB30(_t38, _t86);
								_pop(_t69);
								if(_t39 == 0) {
									_t84 = _v12;
									L18:
									_t40 = 0x10;
									if(_t84 != _t40) {
										goto L4;
									}
									_t41 = E6F53CB30(_t40, _t86);
									_pop(_t70);
									if(_t41 == 0 || E6F53CDD0(_t70, _t86) == 0) {
										goto L4;
									} else {
										_t43 = E6F53CB30(_t42, _t86);
										_pop(_t72);
										if(_t43 == 0 || E6F53CCE0(_t72, _t86) == 0) {
											_push(0x41);
										} else {
											_push(0x61);
										}
										_pop(_t73);
										_t48 = ((_v8 & 0x0000ffff) << 4) - _t73 + 0xa + _t86;
										if(((_v8 & 0x0000ffff) << 4) - _t73 + 0xa + _t86 > 0xffff) {
											goto L4;
										} else {
											_v8 = _v8 << 4;
											_t49 = E6F53CB30(_t48, _t86);
											_pop(_t74);
											if(_t49 == 0 || E6F53CCE0(_t74, _t86) == 0) {
												_push(0x41);
											} else {
												_push(0x61);
											}
											_pop(_t75);
											_t76 = 0xa;
											_t38 = _t66 - _t75 + _t76;
											_v8 = _v8 + _t66 - _t75 + _t76;
											goto L31;
										}
									}
								}
								_t54 = E6F53CC80(_t69, _t86);
								_t84 = _v12;
								if(_t54 == 0) {
									goto L18;
								}
								_t55 = _t66;
								_v16 = _t55;
								if(_t55 + 0xffffffd0 >= _t84) {
									goto L18;
								}
								if((_v8 & 0x0000ffff) * (_t84 & 0x0000ffff) + 0xffffffd0 + _t86 > 0xffff) {
									goto L4;
								}
								_t38 = _t84 * _v8 + 0xffffffd0 + _v16 & 0x0000ffff;
								_v8 = _t84 * _v8 + 0xffffffd0 + _v16 & 0x0000ffff;
								L31:
								_t66 =  *_t88;
							} while (_t66 != 0);
							_t85 = _a16;
							goto L33;
						}
					}
				}
			}





























                                                                                  0x6f4f71df
                                                                                  0x6f4f7208
                                                                                  0x00000000
                                                                                  0x6f4f71e7
                                                                                  0x6f4f71e7
                                                                                  0x6f4f71ec
                                                                                  0x00000000
                                                                                  0x6f5522f2
                                                                                  0x6f5522f2
                                                                                  0x6f5522f5
                                                                                  0x6f5522f9
                                                                                  0x6f552446
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f55244c
                                                                                  0x6f552450
                                                                                  0x6f55245a
                                                                                  0x00000000
                                                                                  0x6f55245a
                                                                                  0x6f5522ff
                                                                                  0x6f552303
                                                                                  0x6f552306
                                                                                  0x6f55230c
                                                                                  0x6f55230f
                                                                                  0x6f552310
                                                                                  0x6f552312
                                                                                  0x6f552312
                                                                                  0x6f552315
                                                                                  0x6f55231c
                                                                                  0x6f55231e
                                                                                  0x6f552322
                                                                                  0x6f552328
                                                                                  0x6f55232b
                                                                                  0x6f55232b
                                                                                  0x6f55232b
                                                                                  0x6f552322
                                                                                  0x6f552330
                                                                                  0x6f552334
                                                                                  0x6f55243b
                                                                                  0x6f55243d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f55233a
                                                                                  0x6f55233a
                                                                                  0x6f55233a
                                                                                  0x6f55233d
                                                                                  0x6f55233f
                                                                                  0x6f552344
                                                                                  0x6f552347
                                                                                  0x6f552399
                                                                                  0x6f55239c
                                                                                  0x6f55239e
                                                                                  0x6f5523a2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5523a9
                                                                                  0x6f5523ae
                                                                                  0x6f5523b1
                                                                                  0x00000000
                                                                                  0x6f5523c6
                                                                                  0x6f5523c7
                                                                                  0x6f5523cc
                                                                                  0x6f5523cf
                                                                                  0x6f5523e0
                                                                                  0x6f5523dc
                                                                                  0x6f5523dc
                                                                                  0x6f5523dc
                                                                                  0x6f5523e9
                                                                                  0x6f5523ef
                                                                                  0x6f5523f6
                                                                                  0x00000000
                                                                                  0x6f5523fc
                                                                                  0x6f5523fc
                                                                                  0x6f552401
                                                                                  0x6f552406
                                                                                  0x6f552409
                                                                                  0x6f55241a
                                                                                  0x6f552416
                                                                                  0x6f552416
                                                                                  0x6f552416
                                                                                  0x6f55241c
                                                                                  0x6f552426
                                                                                  0x6f552427
                                                                                  0x6f55242a
                                                                                  0x00000000
                                                                                  0x6f55242a
                                                                                  0x6f5523f6
                                                                                  0x6f5523b1
                                                                                  0x6f55234a
                                                                                  0x6f55234f
                                                                                  0x6f552355
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f552357
                                                                                  0x6f55235b
                                                                                  0x6f552364
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f55237a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f55238e
                                                                                  0x6f552391
                                                                                  0x6f55242e
                                                                                  0x6f55242e
                                                                                  0x6f552430
                                                                                  0x6f552438
                                                                                  0x00000000
                                                                                  0x6f552438
                                                                                  0x6f552334
                                                                                  0x6f4f71ec

                                                                                  APIs
                                                                                  • RtlIpv4StringToAddressA.BCCB(00000000,?,00000000,00000000), ref: 6F4F71FB
                                                                                    • Part of subcall function 6F4F7220: __isascii.BCCB(0000000A,?), ref: 6F4F7275
                                                                                    • Part of subcall function 6F4F7220: isdigit.BCCB(00000000,?), ref: 6F4F7283
                                                                                  • __isascii.BCCB(?,00000000,?,00000000,00000000), ref: 6F55233F
                                                                                  • isdigit.BCCB(?,00000000,?,00000000,00000000), ref: 6F55234A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: __isasciiisdigit$AddressIpv4String
                                                                                  • String ID:
                                                                                  • API String ID: 960699662-0
                                                                                  • Opcode ID: d1e8079f3b444f1ff0fe202882e6dd36213e97e5e6d2fb41066c33beb2a1206c
                                                                                  • Instruction ID: 3215789b2eb75cbabf6b242d2186aa3e648f7076b21aca14d575ecbfa3ff9d1b
                                                                                  • Opcode Fuzzy Hash: d1e8079f3b444f1ff0fe202882e6dd36213e97e5e6d2fb41066c33beb2a1206c
                                                                                  • Instruction Fuzzy Hash: 58413A36A4422697EB018E68D851BFE77B49F82324F25417BE894EB2C0E738ED53D750
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5846A4, Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 206COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 94%
                                                                                  			E6F5846A4(void* __ecx, intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12) {
				char _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				int _v28;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t120;
				intOrPtr _t121;
				signed int _t126;
				signed int _t127;
				intOrPtr* _t145;
				intOrPtr* _t147;
				signed int _t148;
				intOrPtr _t149;
				intOrPtr _t150;
				intOrPtr* _t151;
				signed int _t152;
				void* _t153;
				intOrPtr _t155;
				intOrPtr _t157;
				intOrPtr _t158;
				intOrPtr _t162;
				intOrPtr _t164;
				intOrPtr _t166;
				intOrPtr _t167;
				int _t168;
				intOrPtr _t169;
				signed int _t171;
				intOrPtr* _t172;
				intOrPtr* _t174;
				void* _t175;
				short* _t176;
				signed int _t177;
				void* _t178;

				_t153 = __ecx;
				_t177 = 0;
				_v20 = 0xc00000e5;
				_t172 = _a12;
				_t145 = __edx;
				_v8 = 0;
				_v24 = 0;
				if(_t172 != 0) {
					 *_t172 = 0;
				}
				_t162 =  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x18)) + _t153 + 8));
				_v16 =  *_t145;
				if( *_t145 < _t162 - 1) {
					E6F521D47( &_v20, _a4, _a8, _t172, 0x58, _t153, _t153, 2,  &_v8,  &_v28);
					if(_v24 == 0) {
						_t177 = _v20;
					} else {
						_t164 = _v8;
						_t19 = _t145 + 4; // 0x0
						_t115 =  *_t19;
						_v24 = _t115;
						_t155 =  *((intOrPtr*)(_t164 + 0x14));
						if(_t115 < _t155) {
							_t116 =  *((intOrPtr*)(_t164 + 0x18));
							if(_t116 == 0) {
								L16:
								_t177 = 0xc0150015;
							} else {
								_v20 = _t177;
								_v12 = _t116 + _t164;
								_v16 = _t177;
								if(_t155 != 0) {
									_v28 =  *_t145 + 1;
									_t147 = _v12 + 0xc;
									_t120 = _v24;
									do {
										_t166 = _v8;
										if( *((intOrPtr*)(_t147 + 8)) != _v28) {
											goto L15;
										} else {
											if(_v20 != _t120 ||  *_t147 == _t177) {
												_v20 = _v20 + 1;
												goto L15;
											} else {
												_t157 =  *_t147 + _t166;
												_v24 = _t157;
												if(_t157 == 0) {
													goto L16;
												} else {
													_t148 = _v16 * 0x18;
													_t121 = 0x14;
													_v20 = _t148;
													_t149 =  *((intOrPtr*)(_t148 + _v12 + 8));
													_t174 = _a12;
													if(_t149 != 0) {
														_t121 = _t149 + 0x16;
													}
													_t150 =  *((intOrPtr*)(_t157 + 8));
													if(_t150 != 0) {
														_t121 = _t121 + 2 + _t150;
													}
													if(_t121 <= _a8) {
														_t151 = _a4;
														_t167 = _v12;
														 *_t151 =  *((intOrPtr*)(_t157 + 4));
														_t51 = _t151 + 0x14; // 0x15
														_t175 = _t51;
														 *((intOrPtr*)(_t151 + 4)) =  *((intOrPtr*)(_v20 + _t167 + 8));
														 *((intOrPtr*)(_t151 + 8)) =  *((intOrPtr*)(_t157 + 8));
														_t126 = _v20;
														 *(_t151 + 0xc) = _t177;
														 *(_t151 + 0x10) = _t177;
														_t168 =  *((intOrPtr*)(_t126 + _t167 + 8));
														_v28 = _t168;
														_t169 = _v8;
														if(_t168 != 0) {
															memcpy(_t175,  *((intOrPtr*)(_t126 + _v12 + 4)) + _t169, _v28);
															_t178 = _t178 + 0xc;
															 *(_t151 + 0xc) = _t175;
															_t176 = _t175 +  *((intOrPtr*)(_v20 + _v12 + 8));
															_t157 = _v24;
															 *_t176 = 0;
															_t175 = _t176 + 2;
														}
														if( *((intOrPtr*)(_t157 + 8)) != _t177) {
															_t127 =  *(_t157 + 0x10);
															if(_t127 != 0) {
																_t171 = _t127 * 0x2c + _v8;
																_v20 = _t171;
																if(_t171 != 0) {
																	 *(_t151 + 0x10) = _t175;
																	_t152 = _t177;
																	if( *((intOrPtr*)(_t157 + 0xc)) <= _t177) {
																		L37:
																		 *_t175 = 0;
																	} else {
																		_t158 = _v24;
																		_v28 = _a4 + _a8;
																		while( *((intOrPtr*)(_t171 + 4 + _t152 * 8)) + 2 + _t175 <= _v28) {
																			if( *((intOrPtr*)(_t171 + 4 + _t152 * 8)) != _t177) {
																				memcpy(_t175, _v8 +  *((intOrPtr*)(_t171 + 4 + _t152 * 8)),  *(_t171 + _t152 * 8));
																				_t171 = _v20;
																				_t178 = _t178 + 0xc;
																				_t158 = _v24;
																				_t175 = _t175 +  *(_t171 + _t152 * 8);
																			}
																			_t152 = _t152 + 1;
																			if(_t152 <  *((intOrPtr*)(_t158 + 0xc))) {
																				continue;
																			} else {
																				goto L37;
																			}
																			goto L39;
																		}
																		goto L16;
																	}
																}
															}
														}
													} else {
														if(_t174 != 0) {
															 *_t174 = _t121;
														}
														_t177 = 0xc0000023;
													}
												}
											}
										}
										goto L39;
										L15:
										_v16 = _v16 + 1;
										_t147 = _t147 + 0x18;
									} while (_v16 < _t155);
								}
								goto L16;
							}
						} else {
							_push( *_t145);
							_push(_t155);
							_push(_t115);
							E6F585720(0x33, _t177, "SXS: %s() received invalid file index (%u, max is %u) in Assembly (%u)\n", "RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation");
							goto L4;
						}
					}
				} else {
					_push(_t162);
					_push(_v16);
					E6F585720(0x33, _t177, "SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context\n", "RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation");
					L4:
					_t177 = 0xc000000d;
				}
				L39:
				return _t177;
			}







































                                                                                  0x6f5846a4
                                                                                  0x6f5846ae
                                                                                  0x6f5846b0
                                                                                  0x6f5846b8
                                                                                  0x6f5846bb
                                                                                  0x6f5846bd
                                                                                  0x6f5846c0
                                                                                  0x6f5846c5
                                                                                  0x6f5846c7
                                                                                  0x6f5846c7
                                                                                  0x6f5846cc
                                                                                  0x6f5846d2
                                                                                  0x6f5846da
                                                                                  0x6f58471b
                                                                                  0x6f584727
                                                                                  0x6f5848c0
                                                                                  0x6f58472d
                                                                                  0x6f58472d
                                                                                  0x6f584730
                                                                                  0x6f584730
                                                                                  0x6f584733
                                                                                  0x6f584736
                                                                                  0x6f58473b
                                                                                  0x6f584758
                                                                                  0x6f58475d
                                                                                  0x6f58479f
                                                                                  0x6f58479f
                                                                                  0x6f58475f
                                                                                  0x6f584761
                                                                                  0x6f584764
                                                                                  0x6f584767
                                                                                  0x6f58476c
                                                                                  0x6f584774
                                                                                  0x6f584777
                                                                                  0x6f58477a
                                                                                  0x6f58477d
                                                                                  0x6f584783
                                                                                  0x6f584786
                                                                                  0x00000000
                                                                                  0x6f584788
                                                                                  0x6f58478b
                                                                                  0x6f584791
                                                                                  0x00000000
                                                                                  0x6f5847a9
                                                                                  0x6f5847ab
                                                                                  0x6f5847ad
                                                                                  0x6f5847b0
                                                                                  0x00000000
                                                                                  0x6f5847b2
                                                                                  0x6f5847b2
                                                                                  0x6f5847bb
                                                                                  0x6f5847bc
                                                                                  0x6f5847bf
                                                                                  0x6f5847c3
                                                                                  0x6f5847c8
                                                                                  0x6f5847ca
                                                                                  0x6f5847ca
                                                                                  0x6f5847cd
                                                                                  0x6f5847d2
                                                                                  0x6f5847d7
                                                                                  0x6f5847d7
                                                                                  0x6f5847dc
                                                                                  0x6f5847ee
                                                                                  0x6f5847f4
                                                                                  0x6f5847f7
                                                                                  0x6f5847f9
                                                                                  0x6f5847f9
                                                                                  0x6f584803
                                                                                  0x6f584809
                                                                                  0x6f58480c
                                                                                  0x6f58480f
                                                                                  0x6f584812
                                                                                  0x6f584815
                                                                                  0x6f58481b
                                                                                  0x6f58481e
                                                                                  0x6f584821
                                                                                  0x6f584831
                                                                                  0x6f584839
                                                                                  0x6f58483f
                                                                                  0x6f584842
                                                                                  0x6f584848
                                                                                  0x6f58484b
                                                                                  0x6f58484e
                                                                                  0x6f58484e
                                                                                  0x6f584854
                                                                                  0x6f584856
                                                                                  0x6f58485b
                                                                                  0x6f584860
                                                                                  0x6f584863
                                                                                  0x6f584866
                                                                                  0x6f584868
                                                                                  0x6f58486b
                                                                                  0x6f584870
                                                                                  0x6f5848b9
                                                                                  0x6f5848bb
                                                                                  0x6f584872
                                                                                  0x6f584878
                                                                                  0x6f58487b
                                                                                  0x6f58487e
                                                                                  0x6f584894
                                                                                  0x6f5848a2
                                                                                  0x6f5848a7
                                                                                  0x6f5848aa
                                                                                  0x6f5848ad
                                                                                  0x6f5848b0
                                                                                  0x6f5848b0
                                                                                  0x6f5848b3
                                                                                  0x6f5848b7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x6f5848b7
                                                                                  0x00000000
                                                                                  0x6f58487e
                                                                                  0x6f584870
                                                                                  0x6f584866
                                                                                  0x6f58485b
                                                                                  0x6f5847de
                                                                                  0x6f5847e0
                                                                                  0x6f5847e2
                                                                                  0x6f5847e2
                                                                                  0x6f5847e4
                                                                                  0x6f5847e4
                                                                                  0x6f5847dc
                                                                                  0x6f5847b0
                                                                                  0x6f58478b
                                                                                  0x00000000
                                                                                  0x6f584794
                                                                                  0x6f584794
                                                                                  0x6f584797
                                                                                  0x6f58479a
                                                                                  0x6f58477d
                                                                                  0x00000000
                                                                                  0x6f58476c
                                                                                  0x6f58473d
                                                                                  0x6f58473d
                                                                                  0x6f58473f
                                                                                  0x6f584740
                                                                                  0x6f58474e
                                                                                  0x00000000
                                                                                  0x6f584753
                                                                                  0x6f58473b
                                                                                  0x6f5846dc
                                                                                  0x6f5846dc
                                                                                  0x6f5846dd
                                                                                  0x6f5846ed
                                                                                  0x6f5846f5
                                                                                  0x6f5846f5
                                                                                  0x6f5846f5
                                                                                  0x6f5848c4
                                                                                  0x6f5848cb

                                                                                  APIs
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context,RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation,?,?,6F5417F0,00000000,?,00000000,?), ref: 6F5846ED
                                                                                    • Part of subcall function 6F521D47: memset.BCCB(00000000,00000000,6F5417F0,?,00000001,00000000,?,6F4F8D70,00000000,?,?,00000030,?,?,00000001,?), ref: 6F521D87
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS: %s() received invalid file index (%u, max is %u) in Assembly (%u),RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation,00000000,?,6F5CFE98,00000001,?,C00000E5,00000058,?,?,00000002,-00000F38,00000000), ref: 6F58474E
                                                                                  • memcpy.BCCB(00000015,?,00000000,00000001,?,C00000E5,00000058,?,?,00000002,-00000F38,00000000,6F5417F0,00000000,?,00000000), ref: 6F584831
                                                                                  • memcpy.BCCB(00000015,?,-00000F38,00000001,?,C00000E5,00000058,?,?,00000002,-00000F38,00000000,6F5417F0,00000000,?,00000000), ref: 6F5848A2
                                                                                  Strings
                                                                                  • SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context, xrefs: 6F5846E5
                                                                                  • RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation, xrefs: 6F5846E0, 6F584741
                                                                                  • SXS: %s() received invalid file index (%u, max is %u) in Assembly (%u), xrefs: 6F584746
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Printmemcpy$memset
                                                                                  • String ID: RtlpQueryFilesInAssemblyInformationActivationContextDetailedInformation$SXS: %s() received invalid file index (%u, max is %u) in Assembly (%u)$SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context
                                                                                  • API String ID: 3998808364-2744866428
                                                                                  • Opcode ID: 0be5d72cd438bb036180d12f7105772769fae97e7bfe1098974ce0b88d748c3b
                                                                                  • Instruction ID: c056420dbe811f14b211d3f3f16bf0b1271929cef9f30fb82b12944e033d918c
                                                                                  • Opcode Fuzzy Hash: 0be5d72cd438bb036180d12f7105772769fae97e7bfe1098974ce0b88d748c3b
                                                                                  • Instruction Fuzzy Hash: A4810F75E00229DFDB04CF98C880AAEB7B9FF45714B15856AE824AB305D730ED51CFA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F584496, Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 195COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 48%
                                                                                  			E6F584496(void* __ecx, signed int __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12) {
				char _v8;
				short _v12;
				char _v16;
				char _v20;
				intOrPtr _t96;
				intOrPtr _t106;
				intOrPtr _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				intOrPtr* _t128;
				void* _t154;
				intOrPtr _t155;
				intOrPtr* _t162;
				void* _t165;
				signed int _t167;
				void* _t169;
				intOrPtr* _t170;
				void* _t171;
				short* _t172;
				short* _t173;
				short* _t174;
				void* _t175;

				_t170 = _a12;
				_t167 = __edx;
				_v16 = 0xc00000e5;
				_t165 = __ecx;
				_v12 = 0;
				if(_t170 != 0) {
					 *_t170 = 0;
				}
				_t96 =  *((intOrPtr*)(_t165 + 0x18));
				_t154 =  *((intOrPtr*)(_t96 + _t165 + 0xc)) + _t165;
				if(_t167 <  *((intOrPtr*)(_t96 + _t165 + 8))) {
					asm("lfence");
					_push( &_v20);
					_t169 =  *((intOrPtr*)(_t167 * 0x18 + _t154 + 0x10)) + _t165;
					_push( &_v8);
					_push(1);
					_push(0);
					_push(_t165);
					_t155 = 0x58;
					_push(_t155);
					_push(_t170);
					_push(_a8);
					_push(_a4);
					E6F521D47( &_v16);
					if(_v12 == 0) {
						return _v16;
					}
					_t20 = _t169 + 8; // 0xffffff98
					_t106 =  *_t20;
					if(_t106 != 0) {
						_t21 = _t106 + 0x5a; // 0xfffffff2
						_t155 = _t21;
					}
					_t22 = _t169 + 0x14; // 0x0
					_t107 =  *_t22;
					if(_t107 != 0) {
						_t155 = _t155 + 2 + _t107;
					}
					_t23 = _t169 + 0x28; // 0xffffffc4
					_t108 =  *_t23;
					if(_t108 != 0) {
						_t155 = _t155 + 2 + _t108;
					}
					_t24 = _t169 + 0x50; // 0xfffffecc
					_t109 =  *_t24;
					if(_t109 != 0) {
						_t155 = _t155 + 2 + _t109;
					}
					if(_t155 <= _a8) {
						_t162 = _a4;
						_t27 = _t169 + 4; // 0x0
						 *_t162 =  *_t27;
						_t28 = _t162 + 0x58; // 0x59
						_t171 = _t28;
						_t29 = _t169 + 8; // 0xffffff98
						 *((intOrPtr*)(_t162 + 4)) =  *_t29;
						_t31 = _t169 + 0x10; // 0xfffffffe
						 *((intOrPtr*)(_t162 + 8)) =  *_t31;
						_t33 = _t169 + 0x14; // 0x0
						 *((intOrPtr*)(_t162 + 0xc)) =  *_t33;
						_t35 = _t169 + 0x1c; // 0x0
						 *((intOrPtr*)(_t162 + 0x10)) =  *_t35;
						_t37 = _t169 + 0x20; // 0xfffffffe
						 *((intOrPtr*)(_t162 + 0x14)) =  *_t37;
						_t39 = _t169 + 0x24; // 0x0
						 *((intOrPtr*)(_t162 + 0x18)) =  *_t39;
						_t41 = _t169 + 0x28; // 0xffffffc4
						 *((intOrPtr*)(_t162 + 0x1c)) =  *_t41;
						_t43 = _t169 + 0x30; // 0xfffffffe
						 *((intOrPtr*)(_t162 + 0x20)) =  *_t43;
						_t45 = _t169 + 0x34; // 0x0
						 *((intOrPtr*)(_t162 + 0x24)) =  *_t45;
						_t47 = _t169 + 0x38; // 0x6f564794
						 *((intOrPtr*)(_t162 + 0x28)) =  *_t47;
						_t49 = _t169 + 0x40; // 0x0
						 *((intOrPtr*)(_t162 + 0x2c)) =  *_t49;
						_t51 = _t169 + 0x44; // 0x6f5647bb
						 *((intOrPtr*)(_t162 + 0x30)) =  *_t51;
						_t53 = _t169 + 0x48; // 0xffffffe4
						 *((intOrPtr*)(_t162 + 0x34)) =  *_t53;
						_t55 = _t169 + 0x4c; // 0x0
						 *((intOrPtr*)(_t162 + 0x38)) =  *_t55;
						_t57 = _t169 + 0x50; // 0xfffffecc
						 *((intOrPtr*)(_t162 + 0x3c)) =  *_t57;
						 *((intOrPtr*)(_t162 + 0x40)) = 0;
						 *((intOrPtr*)(_t162 + 0x44)) = 0;
						 *((intOrPtr*)(_t162 + 0x48)) = 0;
						 *((intOrPtr*)(_t162 + 0x4c)) = 0;
						_t63 = _t169 + 0x58; // 0xfffffffe
						 *((intOrPtr*)(_t162 + 0x50)) =  *_t63;
						if( *(_t169 + 8) != 0) {
							_t66 = _t169 + 8; // 0xffffff98
							_t67 = _t169 + 0xc; // 0x0
							memcpy(_t171,  *_t67 + _v8,  *_t66);
							_t175 = _t175 + 0xc;
							 *(_a4 + 0x40) = _t171;
							_t71 = _t169 + 8; // 0xffffff98
							_t174 = _t171 +  *_t71;
							 *_t174 = 0;
							_t171 = _t174 + 2;
						}
						if( *(_t169 + 0x14) != 0) {
							_t73 = _t169 + 0x14; // 0x0
							_t74 = _t169 + 0x18; // 0x6f564765
							memcpy(_t171,  *_t74 + _v8,  *_t73);
							_t175 = _t175 + 0xc;
							 *(_a4 + 0x44) = _t171;
							_t78 = _t169 + 0x14; // 0x0
							_t173 = _t171 +  *_t78;
							 *_t173 = 0;
							_t171 = _t173 + 2;
						}
						if( *(_t169 + 0x28) != 0) {
							_t80 = _t169 + 0x28; // 0xffffffc4
							_t81 = _t169 + 0x2c; // 0x0
							memcpy(_t171,  *_t81 + _v8,  *_t80);
							_t175 = _t175 + 0xc;
							 *(_a4 + 0x48) = _t171;
							_t85 = _t169 + 0x28; // 0xffffffc4
							_t172 = _t171 +  *_t85;
							 *_t172 = 0;
							_t171 = _t172 + 2;
						}
						if( *(_t169 + 0x50) != 0) {
							_t87 = _t169 + 0x50; // 0xfffffecc
							_t88 = _t169 + 0x54; // 0x0
							memcpy(_t171,  *_t88 + _v8,  *_t87);
							 *(_a4 + 0x4c) = _t171;
							_t92 = _t169 + 0x50; // 0xfffffecc
							 *((short*)(_t171 +  *_t92)) = 0;
						}
						_t128 = _a12;
						if(_t128 != 0) {
							 *_t128 = _t155;
						}
						return 0;
					} else {
						if(_t170 != 0) {
							 *_t170 = _t155;
						}
						return 0xc0000023;
					}
				} else {
					_push( *((intOrPtr*)(_t96 + _t165 + 8)));
					_push(_t167);
					E6F585720(0x33, 0, "SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context\n", "RtlpQueryAssemblyInformationActivationContextDetailedInformation");
					return 0xc000000d;
				}
			}

























                                                                                  0x6f5844a0
                                                                                  0x6f5844a4
                                                                                  0x6f5844a6
                                                                                  0x6f5844ad
                                                                                  0x6f5844b1
                                                                                  0x6f5844b6
                                                                                  0x6f5844b8
                                                                                  0x6f5844b8
                                                                                  0x6f5844ba
                                                                                  0x6f5844c1
                                                                                  0x6f5844c7
                                                                                  0x6f5844f0
                                                                                  0x6f5844fa
                                                                                  0x6f5844fe
                                                                                  0x6f584500
                                                                                  0x6f584504
                                                                                  0x6f584506
                                                                                  0x6f584507
                                                                                  0x6f58450a
                                                                                  0x6f58450b
                                                                                  0x6f58450c
                                                                                  0x6f58450d
                                                                                  0x6f584513
                                                                                  0x6f584517
                                                                                  0x6f584523
                                                                                  0x00000000
                                                                                  0x6f584698
                                                                                  0x6f584529
                                                                                  0x6f584529
                                                                                  0x6f58452e
                                                                                  0x6f584530
                                                                                  0x6f584530
                                                                                  0x6f584530
                                                                                  0x6f584533
                                                                                  0x6f584533
                                                                                  0x6f584538
                                                                                  0x6f58453d
                                                                                  0x6f58453d
                                                                                  0x6f58453f
                                                                                  0x6f58453f
                                                                                  0x6f584544
                                                                                  0x6f584549
                                                                                  0x6f584549
                                                                                  0x6f58454b
                                                                                  0x6f58454b
                                                                                  0x6f584550
                                                                                  0x6f584555
                                                                                  0x6f584555
                                                                                  0x6f58455a
                                                                                  0x6f58456c
                                                                                  0x6f58456f
                                                                                  0x6f584572
                                                                                  0x6f584574
                                                                                  0x6f584574
                                                                                  0x6f584577
                                                                                  0x6f58457a
                                                                                  0x6f58457d
                                                                                  0x6f584580
                                                                                  0x6f584583
                                                                                  0x6f584586
                                                                                  0x6f584589
                                                                                  0x6f58458c
                                                                                  0x6f58458f
                                                                                  0x6f584592
                                                                                  0x6f584595
                                                                                  0x6f584598
                                                                                  0x6f58459b
                                                                                  0x6f58459e
                                                                                  0x6f5845a1
                                                                                  0x6f5845a4
                                                                                  0x6f5845a7
                                                                                  0x6f5845aa
                                                                                  0x6f5845ad
                                                                                  0x6f5845b0
                                                                                  0x6f5845b3
                                                                                  0x6f5845b6
                                                                                  0x6f5845b9
                                                                                  0x6f5845bc
                                                                                  0x6f5845bf
                                                                                  0x6f5845c2
                                                                                  0x6f5845c5
                                                                                  0x6f5845c8
                                                                                  0x6f5845cb
                                                                                  0x6f5845ce
                                                                                  0x6f5845d3
                                                                                  0x6f5845d6
                                                                                  0x6f5845d9
                                                                                  0x6f5845dc
                                                                                  0x6f5845df
                                                                                  0x6f5845e2
                                                                                  0x6f5845e9
                                                                                  0x6f5845eb
                                                                                  0x6f5845ee
                                                                                  0x6f5845f6
                                                                                  0x6f5845fe
                                                                                  0x6f584601
                                                                                  0x6f584606
                                                                                  0x6f584606
                                                                                  0x6f584609
                                                                                  0x6f58460c
                                                                                  0x6f58460c
                                                                                  0x6f584613
                                                                                  0x6f584615
                                                                                  0x6f584618
                                                                                  0x6f584620
                                                                                  0x6f584628
                                                                                  0x6f58462b
                                                                                  0x6f584630
                                                                                  0x6f584630
                                                                                  0x6f584633
                                                                                  0x6f584636
                                                                                  0x6f584636
                                                                                  0x6f58463d
                                                                                  0x6f58463f
                                                                                  0x6f584642
                                                                                  0x6f58464a
                                                                                  0x6f584652
                                                                                  0x6f584655
                                                                                  0x6f58465a
                                                                                  0x6f58465a
                                                                                  0x6f58465d
                                                                                  0x6f584660
                                                                                  0x6f584660
                                                                                  0x6f584667
                                                                                  0x6f584669
                                                                                  0x6f58466c
                                                                                  0x6f584674
                                                                                  0x6f584681
                                                                                  0x6f584684
                                                                                  0x6f584687
                                                                                  0x6f584687
                                                                                  0x6f58468b
                                                                                  0x6f584690
                                                                                  0x6f584692
                                                                                  0x6f584692
                                                                                  0x00000000
                                                                                  0x6f58455c
                                                                                  0x6f58455e
                                                                                  0x6f584560
                                                                                  0x6f584560
                                                                                  0x00000000
                                                                                  0x6f584562
                                                                                  0x6f5844c9
                                                                                  0x6f5844c9
                                                                                  0x6f5844cd
                                                                                  0x6f5844db
                                                                                  0x00000000
                                                                                  0x6f5844e3

                                                                                  APIs
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context,RtlpQueryAssemblyInformationActivationContextDetailedInformation,?,?,6F5417F0,00000000,?,?), ref: 6F5844DB
                                                                                    • Part of subcall function 6F521D47: memset.BCCB(00000000,00000000,6F5417F0,?,00000001,00000000,?,6F4F8D70,00000000,?,?,00000030,?,?,00000001,?), ref: 6F521D87
                                                                                  • memcpy.BCCB(00000059,-00000F38,FFFFFF98,00000001,C00000E5,?,00000058,?,00000000,00000001,-00000F38,?,6F5417F0,00000000,?,?), ref: 6F5845F6
                                                                                  • memcpy.BCCB(00000059,-00000F38,00000000,00000001,C00000E5,?,00000058,?,00000000,00000001,-00000F38,?,6F5417F0,00000000,?,?), ref: 6F584620
                                                                                  • memcpy.BCCB(00000059,-00000F38,FFFFFFC4,00000001,C00000E5,?,00000058,?,00000000,00000001,-00000F38,?,6F5417F0,00000000,?,?), ref: 6F58464A
                                                                                  • memcpy.BCCB(00000059,-00000F38,FFFFFECC,00000001,C00000E5,?,00000058,?,00000000,00000001,-00000F38,?,6F5417F0,00000000,?,?), ref: 6F584674
                                                                                  Strings
                                                                                  • RtlpQueryAssemblyInformationActivationContextDetailedInformation, xrefs: 6F5844CE
                                                                                  • SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context, xrefs: 6F5844D3
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memcpy$Printmemset
                                                                                  • String ID: RtlpQueryAssemblyInformationActivationContextDetailedInformation$SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context
                                                                                  • API String ID: 3378804984-1390252366
                                                                                  • Opcode ID: c74873e98e18be200290a5889600f3351417e95e07724e1fbc4a7235aeb2de72
                                                                                  • Instruction ID: 913e968a78574bb24e9f0bf5fafc629c9929901c883a51ad7f7a54c79167b37b
                                                                                  • Opcode Fuzzy Hash: c74873e98e18be200290a5889600f3351417e95e07724e1fbc4a7235aeb2de72
                                                                                  • Instruction Fuzzy Hash: F781E7B5A00616EFD754CF29C880A99B7F4FF58318B15456AE818DB701E332F9A2CF94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F42EB, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 90stringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlImageNtHeaderEx.BCCB(00000003,?,00000000,00000000,?,?,?,00000000,?,?,?,6F4F4176,00000003,?,00000000,00000000), ref: 6F4F4303
                                                                                  • _strnicmp.BCCB(?,secserv.dll,0000000C,00000003,?,00000000,00000000,?,?,?,00000000,?,?,?,6F4F4176,00000003), ref: 6F4F4340
                                                                                  • strncmp.BCCB(?,.txt,00000005), ref: 6F5506DD
                                                                                  • strncmp.BCCB(?,.txt2,00000006), ref: 6F5506F7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: strncmp$HeaderImage_strnicmp
                                                                                  • String ID: .txt$.txt2$secserv.dll
                                                                                  • API String ID: 290936131-436433099
                                                                                  • Opcode ID: 56a96df3d0b948f26d34ebc5081c9d098cf0fe876d102f5c99cc233e01cc342a
                                                                                  • Instruction ID: 6295355761e64bced0914c7c50557c9c7ab8de27e7916d87b70b080eea8409a8
                                                                                  • Opcode Fuzzy Hash: 56a96df3d0b948f26d34ebc5081c9d098cf0fe876d102f5c99cc233e01cc342a
                                                                                  • Instruction Fuzzy Hash: F121B470E0521AB7DB14CF65C990E9FB7B9BFC0388F10553AE509AB640F730AD56DA90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F500C30, Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 77COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockShared.BCCB(6F5E8550,?,?,00000000,000000FF,6F5CF868,00000038,6F4FF563), ref: 6F500C6F
                                                                                  • RtlReleaseSRWLockShared.BCCB(6F5E8550,6F5E8550,?,?,00000000,000000FF,6F5CF868,00000038,6F4FF563), ref: 6F500C98
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: LockShared$AcquireRelease
                                                                                  • String ID: Calling TLS callback %p for DLL "%wZ" at %p$LdrpCallTlsInitializers$hS^o$hS^o$minkernel\ntdll\ldrtls.c
                                                                                  • API String ID: 2614130328-142738157
                                                                                  • Opcode ID: e88c83336dbf4c5480c1f955e9ae7ac834707c0880880ab70a832e809e9b62db
                                                                                  • Instruction ID: ee4482981168fb2db72534e649df636c58958626e682fed1057fb0c7fe2ce326
                                                                                  • Opcode Fuzzy Hash: e88c83336dbf4c5480c1f955e9ae7ac834707c0880880ab70a832e809e9b62db
                                                                                  • Instruction Fuzzy Hash: 1C21A172D04B55BBDB10DF58C981F9AFBB5FF49724F11063AE82567680E770BC048A91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F41F7, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 77stringCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlImageNtHeaderEx.BCCB(00000003,?,00000000,00000000,?,?,?,00000000), ref: 6F4F4214
                                                                                  • strncmp.BCCB(?,.aspack,00000008,00000003,?,00000000,00000000,?,?,?,00000000), ref: 6F4F4249
                                                                                  • strncmp.BCCB(?,.pcle,00000006,?,?,00000000), ref: 6F4F4261
                                                                                  • strncmp.BCCB(?,.sforce,00000008,?,?,?,?,?,00000000), ref: 6F4F4279
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: strncmp$HeaderImage
                                                                                  • String ID: .aspack$.pcle$.sforce
                                                                                  • API String ID: 3137002299-3067156003
                                                                                  • Opcode ID: 0888d715500ca369dd41a7a4af8bef2401f77ea27ae6d1961922073df52ee6e8
                                                                                  • Instruction ID: 5b8d17e2fba392f8d10e74a4f06ae088de3a576bd39ce61c8f1ea109089ab062
                                                                                  • Opcode Fuzzy Hash: 0888d715500ca369dd41a7a4af8bef2401f77ea27ae6d1961922073df52ee6e8
                                                                                  • Instruction Fuzzy Hash: A321D731A01304A6F7108F55DE81F9B73A5AF843D8F018077ED4896695EA35ED92C691
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F50EC7F, Relevance: 12.3, APIs: 8, Instructions: 256memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E84D8,6F5417F0,00000000,?,6F51F715,6F51F5C0,?,?,?,00000001,-00000F38), ref: 6F50ECAD
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E84D8,6F5E84D8,6F5417F0,00000000,?,6F51F715,6F51F5C0,?,?,?,00000001,-00000F38), ref: 6F50ECD2
                                                                                  • RtlFreeHeap.BCCB(00000000,?,6F5E84D8,6F5E84D8,6F5417F0,00000000,?,6F51F715,6F51F5C0,?,?,?,00000001,-00000F38), ref: 6F50ED04
                                                                                  • RtlReleaseActivationContext.BCCB(-00000F38,6F5E84D8,6F5E84D8,6F5417F0,00000000,?,6F51F715,6F51F5C0,?,?,?,00000001,-00000F38), ref: 6F50ED28
                                                                                  • _wcsicmp.BCCB(6F5CFE98,?,6F5CFB78,00000030,6F5E84D8,6F5417F0,00000000,?,6F51F715,6F51F5C0,?,?,?,00000001,-00000F38), ref: 6F50EE13
                                                                                  • _wcsicmp.BCCB(6F5CFE98,?,6F5CFB78,00000030,6F5E84D8,6F5417F0,00000000,?,6F51F715,6F51F5C0,?,?,?,00000001,-00000F38), ref: 6F50EE74
                                                                                  • RtlFreeHeap.BCCB(00000000,?,6F5417F0,6F51F715,6F51F5C0,?,?,?,00000001,-00000F38), ref: 6F52C28C
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveFreeHeapLockRelease_wcsicmp$AcquireActivationContext
                                                                                  • String ID:
                                                                                  • API String ID: 176173115-0
                                                                                  • Opcode ID: 989d9a774d345dba316922d9a70aacf6cf650b1a305e4bcdebf770f1ca8236d2
                                                                                  • Instruction ID: 0be88fdc0292a74957de0e08e9fef1f626b1b2706c9a3e8139fd629bc9560ebb
                                                                                  • Opcode Fuzzy Hash: 989d9a774d345dba316922d9a70aacf6cf650b1a305e4bcdebf770f1ca8236d2
                                                                                  • Instruction Fuzzy Hash: 0E81D231A042059BCB18EF6DD954A9AB7F2FF85318F24863EE455AB290E770BC42CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F7220, Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __isascii.BCCB(0000000A,?), ref: 6F4F7275
                                                                                  • isdigit.BCCB(00000000,?), ref: 6F4F7283
                                                                                  • __isascii.BCCB(0000000A,?), ref: 6F552467
                                                                                  • isdigit.BCCB(00000000,?), ref: 6F552475
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: __isasciiisdigit
                                                                                  • String ID:
                                                                                  • API String ID: 2481201981-0
                                                                                  • Opcode ID: e771dca78fbc8ddd08a32bc929b91691745e8c0cf08f5b9a26b9a66b021ee395
                                                                                  • Instruction ID: 30ee31d6fdc51a9ab3c52d838d45d5e986f4f38da9b9c386ded88691c170ba59
                                                                                  • Opcode Fuzzy Hash: e771dca78fbc8ddd08a32bc929b91691745e8c0cf08f5b9a26b9a66b021ee395
                                                                                  • Instruction Fuzzy Hash: 5A71D831A0821A8BDB04CAACC950AFE77F2AFC6300F61466BE459E7681D73CDD528760
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F50F820, Relevance: 12.1, APIs: 8, Instructions: 137COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • memcmp.BCCB(00000030,6F4D5138,00000010,00000000,00000001,-00000001), ref: 6F50F84C
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(00000024,00000000,00000000,00000000,00000001,-00000001), ref: 6F50F883
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E86AC,00000024,00000000,00000000,00000000,00000001,-00000001), ref: 6F50F8C6
                                                                                    • Part of subcall function 6F524D3B: memset.BCCB(?,00000000,000000A0,00000000,00000000,00000024), ref: 6F524D77
                                                                                    • Part of subcall function 6F524D3B: RtlRunOnceExecuteOnce.BCCB(6F5E86B0,6F525690,00000000,00000000,00000000,00000000,00000024), ref: 6F524D9E
                                                                                    • Part of subcall function 6F524D3B: ZwTraceControl.BCCB(0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6F524DE9
                                                                                    • Part of subcall function 6F524D3B: memcmp.BCCB(00000000,6F4D5138,00000010,0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6F524E26
                                                                                  • RtlRbInsertNodeEx.BCCB(6F5E86DC,?,00000000,00000000), ref: 6F50F931
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E86AC,6F5E86DC,?,00000000,00000000), ref: 6F50F93B
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(00000024,6F5E86AC,6F5E86DC,?,00000000,00000000), ref: 6F50F94F
                                                                                    • Part of subcall function 6F52BC2C: RtlAcquireSRWLockExclusive.BCCB(?,00000030,00000000,-00000001,6F50F875,00000000,00000000,00000000,00000001,-00000001), ref: 6F52BC79
                                                                                    • Part of subcall function 6F52BC2C: RtlReleaseSRWLockExclusive.BCCB(?,?,00000030,00000000,-00000001,6F50F875,00000000,00000000,00000000,00000001,-00000001), ref: 6F52BC8D
                                                                                    • Part of subcall function 6F52BC2C: RtlAllocateHeap.BCCB(?,00000008,000000D0,?,?,00000030,00000000,-00000001,6F50F875,00000000,00000000,00000000,00000001,-00000001), ref: 6F52BCA6
                                                                                  • RtlSetLastWin32Error.BCCB(00000057,00000000,00000001,-00000001), ref: 6F50F996
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(00000024,0000000A,00000024,00000000,00000000,00000000,00000001,-00000001), ref: 6F55BD78
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$Acquire$Oncememcmp$AllocateControlErrorExecuteHeapInsertLastNodeTraceWin32memset
                                                                                  • String ID:
                                                                                  • API String ID: 3014906823-0
                                                                                  • Opcode ID: 23da0f6b8541db9893e506c2c5df2ab57e12dbcb694fc718085d9bd9a75576f5
                                                                                  • Instruction ID: bd8cdd5e276a5b1066ab4932df111a1f91cc9a7bc28831718422860ee0de4891
                                                                                  • Opcode Fuzzy Hash: 23da0f6b8541db9893e506c2c5df2ab57e12dbcb694fc718085d9bd9a75576f5
                                                                                  • Instruction Fuzzy Hash: D641E871508706ABD711EF28C940B9BB7E4EF86315F044A3AE8549B284DB34EC14CBEA
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F5C07, Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 452COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • _wcsnicmp.BCCB(?,xl--,00000004,?,?,?,?), ref: 6F4F5CC7
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: _wcsnicmp
                                                                                  • String ID: $$$$H$xl--$xn--
                                                                                  • API String ID: 1886669725-662589111
                                                                                  • Opcode ID: 981e9a71210381738df93dd08c7cf95ec4104d4a104f0b0c482ad0cebc58123d
                                                                                  • Instruction ID: 15a13be8c463014e5b664a599cc4b462c5afe0d611b870d8997aa2227254c699
                                                                                  • Opcode Fuzzy Hash: 981e9a71210381738df93dd08c7cf95ec4104d4a104f0b0c482ad0cebc58123d
                                                                                  • Instruction Fuzzy Hash: 88F1D471E022499BDF14CF6CC484BDDBBB1AF84314F24C56BD955ABA84E730AD82CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5174C0, Relevance: 10.8, APIs: 7, Instructions: 264COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlEqualUnicodeString.BCCB(?,6F4D1040,00000001,?,?,00000000), ref: 6F51769A
                                                                                  • RtlEqualUnicodeString.BCCB(?,6F4D1050,00000001,?,6F4D1040,00000001,?,?,00000000), ref: 6F5176AE
                                                                                  • RtlEqualUnicodeString.BCCB(?,6F4D1048,00000001,?,6F4D1050,00000001,?,6F4D1040,00000001,?,?,00000000), ref: 6F5176C2
                                                                                  • RtlEqualUnicodeString.BCCB(?,6F4D1058,00000001,?,6F4D1048,00000001,?,6F4D1050,00000001,?,6F4D1040,00000001,?,?,00000000), ref: 6F5176D6
                                                                                  • RtlEqualUnicodeString.BCCB(?,6F4D1060,00000001,6F4D1068,00000001,6F4D18F8,00000001), ref: 6F517700
                                                                                  • iswdigit.BCCB(000E6F4D,6F4D1048,00000001,?,6F4D1050,00000001,?,6F4D1040,00000001,?,?,00000000), ref: 6F51771D
                                                                                  • RtlEqualUnicodeString.BCCB(?,6F4D18F8,00000001), ref: 6F55F9B0
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: EqualStringUnicode$iswdigit
                                                                                  • String ID:
                                                                                  • API String ID: 3246613909-0
                                                                                  • Opcode ID: 0b60e36b4f553a86ed5700e9b060b041137d4c3876b16062029c06fa9ccc147d
                                                                                  • Instruction ID: 0ecfe924773f8be4c0dc341f6aa1674cf78dc547feae0aee7774f43b3524f1c9
                                                                                  • Opcode Fuzzy Hash: 0b60e36b4f553a86ed5700e9b060b041137d4c3876b16062029c06fa9ccc147d
                                                                                  • Instruction Fuzzy Hash: A081147180C22587FF20DA6CE490AFDB3B2EF46304F514937E8A5DB580E731BD898291
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F52513A, Relevance: 10.8, APIs: 7, Instructions: 258timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,?,?,-00000054,6F5E86CC,?,000000FF,?,000000A0,?), ref: 6F525234
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 3446177414-0
                                                                                  • Opcode ID: 6a60c725517e4747aa80b8ddd0c3506c6ce6594226d5e5fd7f39fb7e64b3712a
                                                                                  • Instruction ID: 610613c15c919c47c0f105f37396e33f83e4f75f04b47600743df2e8ccaa8975
                                                                                  • Opcode Fuzzy Hash: 6a60c725517e4747aa80b8ddd0c3506c6ce6594226d5e5fd7f39fb7e64b3712a
                                                                                  • Instruction Fuzzy Hash: 84C115755093819FD354CF28C580A5AFBF1BF89308F144A6EF8A98B3A2D771E945CB42
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F0B60, Relevance: 10.7, APIs: 7, Instructions: 234COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlIpv6StringToAddressW.BCCB(?,?,00000000,00000000), ref: 6F4F0BAA
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AddressIpv6String
                                                                                  • String ID:
                                                                                  • API String ID: 27538981-0
                                                                                  • Opcode ID: b690b3803644220c55924738faed87d42b98be9f139281c8459cf90186e800ac
                                                                                  • Instruction ID: afd4d3aa7e6cf3c7a9d491f4e389ec1d40378be500a698fd2eff8ae05adba34d
                                                                                  • Opcode Fuzzy Hash: b690b3803644220c55924738faed87d42b98be9f139281c8459cf90186e800ac
                                                                                  • Instruction Fuzzy Hash: EE6137B2A402119BEB38CAACDC41BBE73F1AFD5728F50457AE455EB3D0E7349E428650
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F8D29, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 200COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • memcpy.BCCB(-00000030,?,00000000,?,00000000,?,?,6F5417F0,00000000,?,00000000,?), ref: 6F4F8E86
                                                                                  • memcpy.BCCB(-00000030,?,?,?,00000000,?,?,6F5417F0,00000000,?,00000000,?), ref: 6F4F8EBF
                                                                                  Strings
                                                                                  • SXS: %s() found activation context data at %p with assembly roster that has no root, xrefs: 6F553491
                                                                                  • RtlpQueryInformationActivationContextDetailedInformation, xrefs: 6F55348C
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memcpy
                                                                                  • String ID: RtlpQueryInformationActivationContextDetailedInformation$SXS: %s() found activation context data at %p with assembly roster that has no root
                                                                                  • API String ID: 3510742995-1732449319
                                                                                  • Opcode ID: 1fc4dd55ce8d0191f59fbd6589c4aaa828b66b5c3600ac13589c5648ae9e92bb
                                                                                  • Instruction ID: 395117e853a69192a36333eaa228c5adedaace58c7429610be9d34b2d9d75017
                                                                                  • Opcode Fuzzy Hash: 1fc4dd55ce8d0191f59fbd6589c4aaa828b66b5c3600ac13589c5648ae9e92bb
                                                                                  • Instruction Fuzzy Hash: D87118B1A00219AFDB04CF59C880E9AB7F5FF98318F254199E819DB351D331ED96CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5120A0, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 199COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlRaiseException.BCCB(?), ref: 6F55D009
                                                                                  • RtlRaiseException.BCCB(C0150010), ref: 6F55D07A
                                                                                  • DbgPrintEx.BCCB(00000033,00000002,SXS: %s() Active frame is not the frame being deactivated %p != %p,RtlDeactivateActivationContextUnsafeFast,?,0000002C,?,00000000,000000FF), ref: 6F55D127
                                                                                  • RtlRaiseException.BCCB(C0150010), ref: 6F55D1C7
                                                                                  Strings
                                                                                  • SXS: %s() Active frame is not the frame being deactivated %p != %p, xrefs: 6F55D116
                                                                                  • RtlDeactivateActivationContextUnsafeFast, xrefs: 6F55D111
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExceptionRaise$Print
                                                                                  • String ID: RtlDeactivateActivationContextUnsafeFast$SXS: %s() Active frame is not the frame being deactivated %p != %p
                                                                                  • API String ID: 3901562751-4142264681
                                                                                  • Opcode ID: f189080b17125fb3502f609de6d978f62c4bfdd3aecf56e4d69585bc46b26e66
                                                                                  • Instruction ID: 01c5d2512bf382ce1bf5f1a82c8b34e37c3cabf7177adc55e6bd59f60950de99
                                                                                  • Opcode Fuzzy Hash: f189080b17125fb3502f609de6d978f62c4bfdd3aecf56e4d69585bc46b26e66
                                                                                  • Instruction Fuzzy Hash: D48117B150C305DFE350CF29C48070AFBE1BF89348F505A2EE5999B251E375E98ACB96
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F50A500, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 172COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlValidSid.BCCB(00000050,?), ref: 6F50A523
                                                                                  • wcscpy_s.BCCB(?,00000100,S-1-,?,00000050,?), ref: 6F50A54A
                                                                                    • Part of subcall function 6F50A6C0: memcpy.BCCB(00000000,?,?,?,00000050,?,00000000), ref: 6F50A781
                                                                                  • memcpy.BCCB(?,?,00000000,00000000,000000FC,?,?,00000050,?), ref: 6F50A663
                                                                                  • RtlCreateUnicodeString.BCCB(?,?,00000000,000000FC,?,?,00000050,?), ref: 6F50A6A3
                                                                                  • wcscat_s.BCCB(?,00000100,6F4E292C,?,00000050,?), ref: 6F55A2DB
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memcpy$CreateStringUnicodeValidwcscat_swcscpy_s
                                                                                  • String ID: S-1-
                                                                                  • API String ID: 1445283056-1273753892
                                                                                  • Opcode ID: ef2892cee79fc12131fdab2d324e25971e1a6543ee5c71df40d103c22b51f2fb
                                                                                  • Instruction ID: e78f1bdbb1152c690761b8c6dddd2e3559d1a290e56a9eec7492404d382ca526
                                                                                  • Opcode Fuzzy Hash: ef2892cee79fc12131fdab2d324e25971e1a6543ee5c71df40d103c22b51f2fb
                                                                                  • Instruction Fuzzy Hash: 7B511BB2D042656ADB24DB38CC547B9FBF4AF45700F0542BAE869D7281E334AE94CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4FCCC0, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 134COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrint.BCCB(RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping,?,?,?,-00000F38,00000000,?,?), ref: 6F554E05
                                                                                  • DbgPrint.BCCB(RTL: Edit ntos\rtl\generr.c to correct the problem,?,?,?,-00000F38,00000000,?,?), ref: 6F554E0F
                                                                                  • DbgPrint.BCCB(RTL: ERROR_MR_MID_NOT_FOUND is being returned,?,-00000F38,00000000,?,?), ref: 6F554E1C
                                                                                  Strings
                                                                                  • RTL: ERROR_MR_MID_NOT_FOUND is being returned, xrefs: 6F554E17
                                                                                  • RTL: Edit ntos\rtl\generr.c to correct the problem, xrefs: 6F554E0A
                                                                                  • RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping, xrefs: 6F554E00
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: RTL: ERROR_MR_MID_NOT_FOUND is being returned$RTL: Edit ntos\rtl\generr.c to correct the problem$RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping
                                                                                  • API String ID: 3558298466-1070408152
                                                                                  • Opcode ID: 6495bc69e6bba85c3a09798ef2d8bbb914c45fdf97c461b77ca606ce3edbe522
                                                                                  • Instruction ID: e4473995acc16f814044f471cd244fec8ff1cf70014a9e6c402d4dca4db90c52
                                                                                  • Opcode Fuzzy Hash: 6495bc69e6bba85c3a09798ef2d8bbb914c45fdf97c461b77ca606ce3edbe522
                                                                                  • Instruction Fuzzy Hash: DB412876B096158AD714CF68E850FBDBBA6EB85320F00423FE61AC7FC0D7396961C291
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F649B, Relevance: 10.6, APIs: 7, Instructions: 123COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlLcidToLocaleName.BCCB(?,?,00000002,00000000), ref: 6F4F64F1
                                                                                  • RtlGetParentLocaleName.BCCB(00000002,00000002,00000006,00000000,?,?,00000002,00000000), ref: 6F4F651A
                                                                                  • RtlLocaleNameToLcid.BCCB(?,00000006,00000003,00000002,00000002,00000006,00000000,?,?,00000002,00000000), ref: 6F4F656D
                                                                                  • RtlLcidToLocaleName.BCCB(?,?,00000002,00000001,?,?,00000002,00000000), ref: 6F55192B
                                                                                  • RtlGetParentLocaleName.BCCB(00000002,00000002,00000006,00000001,00000002,00000002,00000006,00000000,?,?,00000002,00000000), ref: 6F551962
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: LocaleName$Lcid$Parent
                                                                                  • String ID:
                                                                                  • API String ID: 3691507993-0
                                                                                  • Opcode ID: a56d25a4cc01344bda995dbd549cc769ce570f3404800478c0d25e1bcf0112c3
                                                                                  • Instruction ID: b73023fca4f3f720e19763ad27609c5a16609f083ab28f34240c0d3bd7cfa5f3
                                                                                  • Opcode Fuzzy Hash: a56d25a4cc01344bda995dbd549cc769ce570f3404800478c0d25e1bcf0112c3
                                                                                  • Instruction Fuzzy Hash: BD415B325497069AE311DF28D940A5BB7E9FF85B58F00092AF994D7250E730DE1A8B93
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F52645B, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 109timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • memset.BCCB(?,00000000,00000030,?,00000000,00000000), ref: 6F526490
                                                                                  • RtlDebugPrintTimes.BCCB(?,00000030,00000030,00000030), ref: 6F52651A
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,00000000,00000000), ref: 6F526553
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,00000000,00000000), ref: 6F526588
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireDebugPrintReleaseTimesmemset
                                                                                  • String ID: 0$0
                                                                                  • API String ID: 3207447552-203156872
                                                                                  • Opcode ID: cf3d66f07e2e79f78a4e878b00ddeac61784b8dcefcb6fea9eead748c1dcf316
                                                                                  • Instruction ID: 986994447e08c0c204e3263a5fca9569a2c19eba76a0e858c695767ec6a07480
                                                                                  • Opcode Fuzzy Hash: cf3d66f07e2e79f78a4e878b00ddeac61784b8dcefcb6fea9eead748c1dcf316
                                                                                  • Instruction Fuzzy Hash: 55413CB26087459FC300CF28C584A56BBE4BB8A718F004A7EF498DB351D731EE45CB86
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F4510, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 84COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrint.BCCB(RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping,?,?,?,00000000,?,6F563AE2,C000000D,?,?,?,00000000,?,00000000,?,?), ref: 6F5508F2
                                                                                  • DbgPrint.BCCB(RTL: Edit ntos\rtl\generr.c to correct the problem,RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping,?,?,?,00000000,?,6F563AE2,C000000D,?,?,?,00000000,?,00000000,?), ref: 6F5508FC
                                                                                  • DbgPrint.BCCB(RTL: ERROR_MR_MID_NOT_FOUND is being returned,?,?,?,00000000,?,00000000,?,?,?,00000000,?,00000000,?), ref: 6F550909
                                                                                  Strings
                                                                                  • RTL: ERROR_MR_MID_NOT_FOUND is being returned, xrefs: 6F550904
                                                                                  • RTL: Edit ntos\rtl\generr.c to correct the problem, xrefs: 6F5508F7
                                                                                  • RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping, xrefs: 6F5508ED
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: RTL: ERROR_MR_MID_NOT_FOUND is being returned$RTL: Edit ntos\rtl\generr.c to correct the problem$RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping
                                                                                  • API String ID: 3558298466-1070408152
                                                                                  • Opcode ID: 6e94401586f2aba39fba0a1c100c368ed192c586fffefbaa34da165be396399f
                                                                                  • Instruction ID: 4cb9a293fd0eaf3137b1244687c5fa7cb9318bea25ddf26d22f32a561904d3f8
                                                                                  • Opcode Fuzzy Hash: 6e94401586f2aba39fba0a1c100c368ed192c586fffefbaa34da165be396399f
                                                                                  • Instruction Fuzzy Hash: D0213B3361611646F714B62CD950F783252A7823E4F001327E718CAFE1EE18D8A3C296
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F51B8E4, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 69COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • DbgPrint.BCCB(HEAP[%wZ]: ,-0000002C,?,-00000020,?,6F51B7BF,-00010018,?,00000000,?,-00000018,?), ref: 6F562C77
                                                                                  • DbgPrint.BCCB((ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size),?,-00000020,?,6F51B7BF,-00010018,?,00000000,?,-00000018,?), ref: 6F562C8F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print
                                                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 3558298466-2558761708
                                                                                  • Opcode ID: 48c70c2fa8bce814117b49e8fd6661817c387e88ca42de1ea9be12555718bb49
                                                                                  • Instruction ID: aa81c094c9268636747fcc6b1739510b79f72eaf3a4587564a5c2e2d87a83dfb
                                                                                  • Opcode Fuzzy Hash: 48c70c2fa8bce814117b49e8fd6661817c387e88ca42de1ea9be12555718bb49
                                                                                  • Instruction Fuzzy Hash: FB11DC3130D602ABE718EA28C590F26B3A5EF82724F15827EE04ACB391D730FC42C781
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5C4015, Relevance: 10.5, APIs: 7, Instructions: 49memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(00000001,?,000000A0,?,?,?,6F566D7C,00000001,00000001,00000000,?,?,6F524E1B,0000000F), ref: 6F5C402F
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E86AC,00000001,?,000000A0,?,?,?,6F566D7C,00000001,00000001,00000000,?,?,6F524E1B,0000000F), ref: 6F5C4046
                                                                                    • Part of subcall function 6F512280: RtlDllShutdownInProgress.BCCB(00000000), ref: 6F5122BA
                                                                                    • Part of subcall function 6F512280: ZwWaitForAlertByThreadId.BCCB(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6F5123A3
                                                                                  • RtlRbRemoveNode.BCCB(6F5E86D4,?,6F5E86AC,00000001,?,000000A0,?,?,?,6F566D7C,00000001,00000001,00000000,?,?,6F524E1B), ref: 6F5C4051
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E86AC,6F5E86D4,?,6F5E86AC,00000001,?,000000A0,?,?,?,6F566D7C,00000001,00000001,00000000,?,?), ref: 6F5C4057
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(00000001,6F5E86AC,6F5E86D4,?,6F5E86AC,00000001,?,000000A0,?,?,?,6F566D7C,00000001,00000001,00000000,?), ref: 6F5C4062
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,00000001,6F5E86AC,6F5E86D4,?,6F5E86AC,00000001,?,000000A0,?,?,?,6F566D7C,00000001), ref: 6F5C407C
                                                                                  • RtlFreeHeap.BCCB(?,00000000,?,00000001,6F5E86AC,6F5E86D4,?,6F5E86AC,00000001,?,000000A0,?,?,?,6F566D7C,00000001), ref: 6F5C408C
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireFreeHeapRelease$AlertNodeProgressRemoveShutdownThreadWait
                                                                                  • String ID:
                                                                                  • API String ID: 83280457-0
                                                                                  • Opcode ID: 1454d392a958db7ee27021c3fbebbb735decc974fd707ad3495d63afe8fca8eb
                                                                                  • Instruction ID: a5d2a19828f3f2c9e90da33c0d96446545fadaf3b18dc909e58a73a7d767300e
                                                                                  • Opcode Fuzzy Hash: 1454d392a958db7ee27021c3fbebbb735decc974fd707ad3495d63afe8fca8eb
                                                                                  • Instruction Fuzzy Hash: BD018F72241A45BFD211AB79CD80E17B7ECFF85764B000239B52887A91CB28FC12C6E5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F5AC0, Relevance: 9.2, APIs: 6, Instructions: 222COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • memcpy.BCCB(?,?,00000200,?,000001FF,?,?,?,?), ref: 6F4F5BE1
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3510742995-0
                                                                                  • Opcode ID: 7fd42c2e0005f25dc8e6af1487b5ca027eff75a54b62a260ef0469d88833a3c1
                                                                                  • Instruction ID: 8913b4b69ec04b1508358b215860810dbaca529dc809331bc9f3874110b0cbc6
                                                                                  • Opcode Fuzzy Hash: 7fd42c2e0005f25dc8e6af1487b5ca027eff75a54b62a260ef0469d88833a3c1
                                                                                  • Instruction Fuzzy Hash: 7381C8B1A006199BDB208E28CD40BDA77B5EF85314F0081BBDA19E7680E774EDD2CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5BD8DF, Relevance: 9.2, APIs: 6, Instructions: 160timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockShared.BCCB(?,000000FE,?,?,?,?,6F5BC9F8,000000FE), ref: 6F5BD9D0
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,000000FE,?,?,?), ref: 6F5BD9E6
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,000000FE,?,?,?,?,6F5BC9F8,000000FE), ref: 6F5BDA0E
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,000000FE,?,?,?), ref: 6F5BDA6A
                                                                                  • RtlReleaseSRWLockShared.BCCB(?,000000FE,?,?,?), ref: 6F5BDA71
                                                                                  • RtlReleaseSRWLockShared.BCCB(?,000000FE,?,?,?), ref: 6F5BDA83
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Lock$ReleaseShared$AcquireExclusive$DebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 675604559-0
                                                                                  • Opcode ID: 820d0a65fee5d0a634a22546bf1bd986c63bbdf027699cecaa9a99fb59b8319e
                                                                                  • Instruction ID: a06b680d438ae17133440aab65c68ee7d492b27114a8b02c49d52df03aa950a6
                                                                                  • Opcode Fuzzy Hash: 820d0a65fee5d0a634a22546bf1bd986c63bbdf027699cecaa9a99fb59b8319e
                                                                                  • Instruction Fuzzy Hash: 7B51D671A0431A9BCB10CF68C8A07AEF7F6AF86368F15467DD865A7281C770ED41CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5C740D, Relevance: 9.1, APIs: 6, Instructions: 141memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlCompareMemory.BCCB(00000018,?,00000000,00000000,00000000,00000000,00000000,00000000,?,6F5714C4,0000000C,?,?,00000000,00000066,00000000), ref: 6F5C743C
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,0000001A,00000000,00000000,00000000,00000000,00000000,?,6F5714C4,0000000C,?,?,00000000,00000066,00000000), ref: 6F5C7464
                                                                                  • memcpy.BCCB(00000018,?,00000000,?,00000008,0000001A,00000000,00000000,00000000,00000000,00000000,?,6F5714C4,0000000C,?,?), ref: 6F5C7484
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,00000018,00000000,00000066,00000000), ref: 6F5C74AC
                                                                                  • memcmp.BCCB(00000066,00000008,00000010,00000018,?,00000000,00000000,00000000,00000000,00000000,00000000,?,6F5714C4,0000000C,?,?), ref: 6F5C7527
                                                                                  • RtlAllocateHeap.BCCB(?,00000008,00000018,00000000,00000066,00000000), ref: 6F5C7546
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap$CompareMemorymemcmpmemcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3500240269-0
                                                                                  • Opcode ID: 53f0b23cde38d8cbdebcfad0d89ab03898b2aa5ba471344c79297c4b5cd44298
                                                                                  • Instruction ID: 817b05813719c2fcf7dc2e1054b167466bf289b181530dbadd7722dcead1c941
                                                                                  • Opcode Fuzzy Hash: 53f0b23cde38d8cbdebcfad0d89ab03898b2aa5ba471344c79297c4b5cd44298
                                                                                  • Instruction Fuzzy Hash: 2D518B71640606EFDB15CF58D580A86BBB5FF45308F14C1BAE9099F262E371ED46CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F5320, Relevance: 9.1, APIs: 6, Instructions: 91timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E85F0), ref: 6F4F5362
                                                                                  • RtlClearBits.BCCB(?,?,00000001,6F5E85F0), ref: 6F4F538E
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,?,00000001,6F5E85F0), ref: 6F4F53A7
                                                                                    • Part of subcall function 6F512280: RtlDllShutdownInProgress.BCCB(00000000), ref: 6F5122BA
                                                                                    • Part of subcall function 6F512280: ZwWaitForAlertByThreadId.BCCB(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6F5123A3
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,00000001,6F5E85F0), ref: 6F4F53F2
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E85F0,6F5E85F0), ref: 6F4F5400
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,?,00000001,6F5E85F0), ref: 6F4F5422
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireRelease$AlertBitsClearDebugPrintProgressShutdownThreadTimesWait
                                                                                  • String ID:
                                                                                  • API String ID: 3225401293-0
                                                                                  • Opcode ID: d7f864e49b9f871155cabe46ffcc3015a23be079ef4084ce965915099abefab1
                                                                                  • Instruction ID: c1e878e11d78c087f8041d269dc9e444e09c51a7ad1ff49301e3a263ec0431d5
                                                                                  • Opcode Fuzzy Hash: d7f864e49b9f871155cabe46ffcc3015a23be079ef4084ce965915099abefab1
                                                                                  • Instruction Fuzzy Hash: CE31C17221A701AFC700CF2CC484F9AB3A4AF85315F45856DE8598F792CB31ED46CBA2
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F4439, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 129COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 0$Flst
                                                                                  • API String ID: 0-758220159
                                                                                  • Opcode ID: b98fefa321d1e9b2de21b684e18da22b03608b64ac2ef8cb70103d1d008f7595
                                                                                  • Instruction ID: c5faf073a7edd3ce1b7eac34a4cc0a3a06bc1fbf392312ae67a01cfd76d9377d
                                                                                  • Opcode Fuzzy Hash: b98fefa321d1e9b2de21b684e18da22b03608b64ac2ef8cb70103d1d008f7595
                                                                                  • Instruction Fuzzy Hash: 6A4169B1A05648CBDB14CF99C680A9DFBF5FF84358F10802AD159AFA54DB31A986CB80
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F500225, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 79COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 6F500315: memcpy.BCCB(6F5E7C54,?,00000040,00000000,00000000,000000FF,?,?,6F500254,6F5CF868,00000038,6F4FF563), ref: 6F500371
                                                                                    • Part of subcall function 6F500315: memcpy.BCCB(?,?,?,?,0000FFFF,?,00000000,00000000,000000FF,?,?,6F500254,6F5CF868,00000038,6F4FF563), ref: 6F50042B
                                                                                  • RtlActivateActivationContextUnsafeFast.BCCB ref: 6F5002BA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memcpy$ActivateActivationContextFastUnsafe
                                                                                  • String ID: $$LdrpProcessDetachNode$Uninitializing DLL "%wZ" (Init routine: %p)$minkernel\ntdll\ldrsnap.c
                                                                                  • API String ID: 2422247448-1066784428
                                                                                  • Opcode ID: 6f08c6cf47127a16f2bb1c235002e8d6763314f4a9d3ac375ee5a8fe00d2d5c6
                                                                                  • Instruction ID: 8707514a90f18165249862c809f3d9b5f425f8d04f8381415fc2d97155d623b3
                                                                                  • Opcode Fuzzy Hash: 6f08c6cf47127a16f2bb1c235002e8d6763314f4a9d3ac375ee5a8fe00d2d5c6
                                                                                  • Instruction Fuzzy Hash: A2316970941306DBDB15EF68C984A9EBBB4BF49308F1081BAE401AB280D771AD42CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F57EA20, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.BCCB(6F5E70A0,-00000054,?,00000000,-00000054,?,6F555D18), ref: 6F57EA52
                                                                                  • DbgPrint.BCCB(AVRF: AVrfDllUnloadNotification called for a provider (%p) ,-00000054,6F5E70A0,-00000054,?,00000000,-00000054,?,6F555D18), ref: 6F57EA69
                                                                                  • RtlLeaveCriticalSection.BCCB(6F5E70A0,6F5E70A0,-00000054,?,00000000,-00000054,?,6F555D18), ref: 6F57EAB0
                                                                                  Strings
                                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 6F57EA64
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterLeavePrint
                                                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                  • API String ID: 1203512206-702105204
                                                                                  • Opcode ID: 0d10b7f24a8be126279cb96640777e0132f04ca1ad2268e8d40ca2bdd5a817b4
                                                                                  • Instruction ID: 347ccb2db1bafe54013cb0733c7732cc8dbfcd95f5cd00a945a0d910222ad700
                                                                                  • Opcode Fuzzy Hash: 0d10b7f24a8be126279cb96640777e0132f04ca1ad2268e8d40ca2bdd5a817b4
                                                                                  • Instruction Fuzzy Hash: D111E531601B08ABDB34EF64DD88ADA7BA5FF85268B10013DE81647592CF21AD15CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5A6243, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlpGetUserOrMachineUILanguage4NLS.BCCB(00000001,?,?,?), ref: 6F5A6275
                                                                                    • Part of subcall function 6F5ACF70: RtlInitUnicodeString.BCCB(?,Control Panel\Desktop,?,?,?), ref: 6F5ACFC1
                                                                                    • Part of subcall function 6F5ACF70: ZwOpenKey.BCCB(00000007,00020019,?,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6F5AD0B8
                                                                                    • Part of subcall function 6F5ACF70: RtlInitUnicodeString.BCCB(?,PreferredUILanguages,00000007,00020019,?,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached), ref: 6F5AD0CD
                                                                                    • Part of subcall function 6F5ACF70: ZwClose.BCCB(?,?,?,?), ref: 6F5AD139
                                                                                    • Part of subcall function 6F5ACF70: ZwClose.BCCB(00000000,?,?,?), ref: 6F5AD14E
                                                                                  • RtlInitUnicodeString.BCCB(?,?,00000001,?,?,?), ref: 6F5A62A4
                                                                                  • RtlInitUnicodeString.BCCB(?,?,?,?,00000001,?,?,?), ref: 6F5A62B7
                                                                                  • RtlCompareUnicodeString.BCCB(?,?,00000001,?,?,?,?,00000001,?,?,?), ref: 6F5A62CC
                                                                                    • Part of subcall function 6F509660: RtlCompareUnicodeStrings.BCCB(?,?,00000001,?,?,?,6F553065,?,?,00000001,?,?,00000000,?,00000002,?), ref: 6F509680
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Unicode$String$Init$CloseCompare$Language4MachineOpenRtlpStringsUser
                                                                                  • String ID: U
                                                                                  • API String ID: 3637150059-3372436214
                                                                                  • Opcode ID: 51a30f765f7b9d4b8b1de6abd65ecb5ebe45d7e97f367145c31abcd1520e9701
                                                                                  • Instruction ID: d41ba0a6ad8868d66dcc6cb0bbfd568b74898bd193c162726ca8512f950af721
                                                                                  • Opcode Fuzzy Hash: 51a30f765f7b9d4b8b1de6abd65ecb5ebe45d7e97f367145c31abcd1520e9701
                                                                                  • Instruction Fuzzy Hash: ED11337290172CA6EB60DB658C54FDEB37CAF46304F4045FAD909D7184EB31DE588B62
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F58FDDA, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT(?,00000000,FF676980,000000FF,00000000,00000000,?,?,?,6F54FA1C,00000000,00000004,?,00000000,?,00000000), ref: 6F58FDFA
                                                                                  • DbgPrintEx.BCCB(00000065,00000001,RTL: Enter CriticalSection Timeout (%I64u secs) %d,00000000,?,?,00000000,FF676980,000000FF,00000000,00000000,?,?,?,6F54FA1C,00000000), ref: 6F58FE0A
                                                                                  • DbgPrintEx.BCCB(00000065,00000000,RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u,?,?,00000002,?,00000000,00000004,?,00000000,?,00000000,00000000), ref: 6F58FE34
                                                                                  Strings
                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 6F58FE2B
                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 6F58FE01
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print$Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                  • API String ID: 545360701-3903918235
                                                                                  • Opcode ID: 2c2425fd21254133a54c3051de8a9aa6c85c79d917a6e56770f2d5be86227f20
                                                                                  • Instruction ID: 5b590650525baa238a491e5d1217f5e65e0c223a166960a85d62b51ae7af6a8c
                                                                                  • Opcode Fuzzy Hash: 2c2425fd21254133a54c3051de8a9aa6c85c79d917a6e56770f2d5be86227f20
                                                                                  • Instruction Fuzzy Hash: 4EF0F632500251BFD7200A59DC01F23BB9AEB84771F144325F638565D1EB62FD6096F0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F513690, Relevance: 7.9, APIs: 5, Instructions: 359COMMON
                                                                                  Download Yara Rule
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8f25c8306ad5903c3bfd2fc8c7bf1062b1eca545ddaca34ccadd2ea80df6aeb5
                                                                                  • Instruction ID: 4ec602bab2209075329cfa07ea07ffb027368731566b57f4a7c2da0b2c5c7138
                                                                                  • Opcode Fuzzy Hash: 8f25c8306ad5903c3bfd2fc8c7bf1062b1eca545ddaca34ccadd2ea80df6aeb5
                                                                                  • Instruction Fuzzy Hash: 10D19E76D082698BDB10DFA8C1812EEB7B3FF44710F55412BD891AB284D335BD96CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F1190, Relevance: 7.7, APIs: 5, Instructions: 151COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlIpv4StringToAddressW.BCCB(00000000,?,?,00000000), ref: 6F4F11B9
                                                                                    • Part of subcall function 6F4F11E0: iswctype.BCCB(0000000A,00000004), ref: 6F4F1244
                                                                                  • iswctype.BCCB(00000000,00000004,00000000,?,?,00000000), ref: 6F54EB6B
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: iswctype$AddressIpv4String
                                                                                  • String ID:
                                                                                  • API String ID: 1627499474-0
                                                                                  • Opcode ID: fb804841babf00360943d9f994b3b33d5c73eef6988bae1e53c25cbdaf3f4e98
                                                                                  • Instruction ID: 5584fc376cec7da6df97943435e7e21ee43459cf9a572f3d784d292c5d7f06c1
                                                                                  • Opcode Fuzzy Hash: fb804841babf00360943d9f994b3b33d5c73eef6988bae1e53c25cbdaf3f4e98
                                                                                  • Instruction Fuzzy Hash: 79412877A012159BE729CA64DD41BE973F4EF84764F20453AE445DB6C0E738EE42D250
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F51DBE9, Relevance: 7.6, APIs: 5, Instructions: 149COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(?,?,?,00000000,?,00000000,?,?,?,00000000,?,00000000,?), ref: 6F51DD0B
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(00000000,?,?,?,00000000,?,00000000,?,?,?,00000000,?,00000000,?), ref: 6F51DD2D
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(00000000,00000000,?,?,?,00000000,?,00000000,?,?,?,00000000,?,00000000,?), ref: 6F51DD46
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireCurrentReleaseServiceSession
                                                                                  • String ID:
                                                                                  • API String ID: 3179239776-0
                                                                                  • Opcode ID: f1cc92dc7d9831163aa771603e556f26300be62f6440ad04ab63debb6f670d4f
                                                                                  • Instruction ID: d6ce7025d6abb1cf3e7c2e90fa63efc1d3dee7e72fcb1152e7776b3673fb7059
                                                                                  • Opcode Fuzzy Hash: f1cc92dc7d9831163aa771603e556f26300be62f6440ad04ab63debb6f670d4f
                                                                                  • Instruction Fuzzy Hash: 7651AE71A09609DFDB04CFA8C580A9EFBF2BF89354F21866AD554AB340DB30BD45CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F52F296, Relevance: 7.6, APIs: 5, Instructions: 103COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 6F52F2E0: RtlAcquireSRWLockExclusive.BCCB(6F5E86AC,00000000,00000000,00000000,0000000C,?,6F52F2BF,00000000,00000000,?), ref: 6F52F2F1
                                                                                    • Part of subcall function 6F52F2E0: RtlReleaseSRWLockExclusive.BCCB(6F5E86AC,?,?,6F5E86AC,00000000,00000000,00000000,0000000C,?,6F52F2BF,00000000,00000000,?), ref: 6F52F31B
                                                                                  • RtlAcquireSRWLockShared.BCCB(0000001C,00000000,00000000,?), ref: 6F56BB5B
                                                                                  • RtlReleaseSRWLockShared.BCCB(0000001C,0000001C,00000000,00000000,?), ref: 6F56BBE9
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Lock$AcquireExclusiveReleaseShared
                                                                                  • String ID:
                                                                                  • API String ID: 3474408661-0
                                                                                  • Opcode ID: 683ce1830d67c9416d9326343620ecfe611e568923aecbf8c96c85ceab284956
                                                                                  • Instruction ID: df647f1a4c2a3be5a4d97bcceae654c9519f4cd2e7baa9ce616ce1fbe1276158
                                                                                  • Opcode Fuzzy Hash: 683ce1830d67c9416d9326343620ecfe611e568923aecbf8c96c85ceab284956
                                                                                  • Instruction Fuzzy Hash: 92310975D003149BDB10DF68CC817E9B7B4FF85308F1081BAE849AF286DB716E468B91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F51C4A0, Relevance: 7.6, APIs: 5, Instructions: 91timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,00000000,?,00000000,?,?,?,?,?,6F5BC9F8,000000FE), ref: 6F51C4E9
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,00000000,?,00000000,?), ref: 6F51C52D
                                                                                  • TpIsTimerSet.BCCB(?,?,?,00000000,?,00000000,?), ref: 6F51C550
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,00000000,?,00000000,?), ref: 6F562E52
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,?,00000000,?,00000000,?), ref: 6F562E69
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$AcquireDebugPrintTimerTimes
                                                                                  • String ID:
                                                                                  • API String ID: 1747049749-0
                                                                                  • Opcode ID: b80bac28c671bd8dbad6b8b19e1fd17b30799781893ff5de0bfdf19eaf451918
                                                                                  • Instruction ID: 4fe2c7ffd0950ec1396f280efad4d198fc38f29bddce75e9f4fb2e56b31bf9fc
                                                                                  • Opcode Fuzzy Hash: b80bac28c671bd8dbad6b8b19e1fd17b30799781893ff5de0bfdf19eaf451918
                                                                                  • Instruction Fuzzy Hash: 3821E431648318ABEB00DF749858AEF77F59F86358F068979EC615B281DB32BD058B90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5028AE, Relevance: 7.6, APIs: 5, Instructions: 73COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(00000000,?,6F5E84D8,6F500924,6F5E84D8,?,6F5E84D8,?,00000000,?,?,?,6F50087C,?,?,?), ref: 6F5028B3
                                                                                  • RtlEnterCriticalSection.BCCB(6F5E5350), ref: 6F5028DA
                                                                                  • RtlGetCurrentServiceSessionId.BCCB(6F5E5350), ref: 6F5028E1
                                                                                  • RtlGetCurrentServiceSessionId.BCCB ref: 6F5576AF
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CurrentServiceSession$CriticalEnterSection
                                                                                  • String ID:
                                                                                  • API String ID: 1555030633-0
                                                                                  • Opcode ID: 31c1e55c8b2ac2ca8db3149b22f69ccd224c8080ef4d6b3836649d123273edc8
                                                                                  • Instruction ID: 03f04611c2ffe860f78ef9970e56529b8148227eea6e9a6977e6bae3a91bb56c
                                                                                  • Opcode Fuzzy Hash: 31c1e55c8b2ac2ca8db3149b22f69ccd224c8080ef4d6b3836649d123273edc8
                                                                                  • Instruction Fuzzy Hash: DE21F3356497849BF722977CED04F143BA4AF41778F2607B2E9309B6E2DB68BC408610
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F500541, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 170COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlImageNtHeaderEx.BCCB(00000003,?,00000000,00000000,?,000000AB,?,?,?,?,6F5004FB,6F5CF890,0000001C,6F5003A8,?,00000000), ref: 6F500569
                                                                                  • RtlInitUnicodeString.BCCB(?,VS_VERSION_INFO,00000020,0000005C,0000005C,00000010,00000000,00000010,?,00000001,?,00000010,?,00000010,?,00000010), ref: 6F5006E7
                                                                                  • RtlCompareUnicodeString.BCCB(?,6F5CF890,00000000,6F5003A8,?,VS_VERSION_INFO,00000020,0000005C,0000005C,00000010,00000000,00000010,?,00000001,?,00000010), ref: 6F500717
                                                                                    • Part of subcall function 6F509660: RtlCompareUnicodeStrings.BCCB(?,?,00000001,?,?,?,6F553065,?,?,00000001,?,?,00000000,?,00000002,?), ref: 6F509680
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Unicode$CompareString$HeaderImageInitStrings
                                                                                  • String ID: VS_VERSION_INFO
                                                                                  • API String ID: 1271209012-1537192461
                                                                                  • Opcode ID: cdc23c567bbc9d26dd9f0bc211e2cd931d8f463e75ca21fd3ef2dc5839c7b1b8
                                                                                  • Instruction ID: 865445f12147c6c2698981390260181a938d779722b9ef9c1188f62276144099
                                                                                  • Opcode Fuzzy Hash: cdc23c567bbc9d26dd9f0bc211e2cd931d8f463e75ca21fd3ef2dc5839c7b1b8
                                                                                  • Instruction Fuzzy Hash: 6B51BF31A00315AAEB10EFA5CC50BEEB7B8AF94644F14A57B9964DB6C0EB74ED01CF50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F1390, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 130COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 6F4F1783: RtlAcquireSRWLockExclusive.BCCB(?,6F4F13C0,6F5CF288,00000044), ref: 6F4F1793
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,6F5CF288,00000044), ref: 6F4F1462
                                                                                    • Part of subcall function 6F4F1986: RtlIsValidIndexHandle.BCCB(?,?,00000000,?,?,6F4F13F2,6F5CF288,00000044), ref: 6F4F1995
                                                                                  • memcpy.BCCB(?,0000000E,?,6F5CF288,00000044), ref: 6F4F143D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireHandleIndexReleaseValidmemcpy
                                                                                  • String ID: #%u
                                                                                  • API String ID: 1422088098-232158463
                                                                                  • Opcode ID: 97d9e37767b76e8841f52f71c2025829aa008cb402f74b1b9f4e3a0b5e6cc5f2
                                                                                  • Instruction ID: c0aadaee018775700922d39337ede867d5d8db40f60f4bb75df81cbd6d74852a
                                                                                  • Opcode Fuzzy Hash: 97d9e37767b76e8841f52f71c2025829aa008cb402f74b1b9f4e3a0b5e6cc5f2
                                                                                  • Instruction Fuzzy Hash: AF4192B1A05215CBDB10CFA9C840A9EB7B6FFC5714F15416AE819AB780E7B1EC83CB50
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F17B0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,6F5CF2C8,00000018), ref: 6F4F17D7
                                                                                  • RtlGetIntegerAtom.BCCB(?,?,?,6F5CF2C8,00000018), ref: 6F4F17F3
                                                                                    • Part of subcall function 6F4F187D: _wcsicmp.BCCB(0000001C,?,?,?,00000000,?,?,?,?), ref: 6F4F1921
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,6F5CF2C8,00000018), ref: 6F4F185D
                                                                                    • Part of subcall function 6F4F1986: RtlIsValidIndexHandle.BCCB(?,?,00000000,?,?,6F4F13F2,6F5CF288,00000044), ref: 6F4F1995
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireAtomHandleIndexIntegerReleaseValid_wcsicmp
                                                                                  • String ID: Atom
                                                                                  • API String ID: 2453091922-2154973765
                                                                                  • Opcode ID: 97763daf2b89c99a208de1c999aaca7b7a8e626ba2e414d8a712d5d16dd8079b
                                                                                  • Instruction ID: fe4795fcac7d405e0b6103a317e28fda33b7aa7757cf20bd4a710d38d1401a9c
                                                                                  • Opcode Fuzzy Hash: 97763daf2b89c99a208de1c999aaca7b7a8e626ba2e414d8a712d5d16dd8079b
                                                                                  • Instruction Fuzzy Hash: 3831C575D11215DBDB00CFA58540AEEB3A6BFC5714B01416AE868AB780D7349D0387E5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F584955, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                    • Part of subcall function 6F521D47: memset.BCCB(00000000,00000000,6F5417F0,?,00000001,00000000,?,6F4F8D70,00000000,?,?,00000030,?,?,00000001,?), ref: 6F521D87
                                                                                  • DbgPrintEx.BCCB(00000033,00000000,SXS: %s() found activation context data at %p with wrong format,RtlpQueryRunLevel,?,?,00000030,?,00000030,?,?,00000001,?,?), ref: 6F5849E1
                                                                                  Strings
                                                                                  • SXS: %s() found activation context data at %p with assembly roster that has no root, xrefs: 6F5849D9
                                                                                  • SXS: %s() found activation context data at %p with wrong format, xrefs: 6F584A03
                                                                                  • RtlpQueryRunLevel, xrefs: 6F5849D4, 6F5849FE
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Printmemset
                                                                                  • String ID: RtlpQueryRunLevel$SXS: %s() found activation context data at %p with assembly roster that has no root$SXS: %s() found activation context data at %p with wrong format
                                                                                  • API String ID: 4188176266-4139752556
                                                                                  • Opcode ID: d53d11b5b07e0e854139797a4cb91360494420b446540c2a5dfd144bb6b63251
                                                                                  • Instruction ID: dff3beab934ec3c5b7560bb1ac8a5f85ac781fc8b1525b9e2cbe70288d9ac869
                                                                                  • Opcode Fuzzy Hash: d53d11b5b07e0e854139797a4cb91360494420b446540c2a5dfd144bb6b63251
                                                                                  • Instruction Fuzzy Hash: A821B572A04390AFD325CF18C880E5BB7EDFBC5358F55866EF8659B241DA30ED40C6A5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5B40DC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0FE0), ref: 6F5B4110
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: RtlSetUserValueHeap
                                                                                  • API String ID: 3446177414-1142157168
                                                                                  • Opcode ID: b29965ea593aa718394fe288babdbcac9faad460af374993c9655027c54f3e1d
                                                                                  • Instruction ID: 3c1aa20478acc3442cf858bbf0db47566e8c387e714f5d09b13702331924049e
                                                                                  • Opcode Fuzzy Hash: b29965ea593aa718394fe288babdbcac9faad460af374993c9655027c54f3e1d
                                                                                  • Instruction Fuzzy Hash: 9B21B030D05799AEDB21DFB88910BDEBF72BF95358F04816DE4446B282CB315E46CB91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5B387C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6F5D0F20), ref: 6F5B38B3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: RtlGetUserInfoHeap
                                                                                  • API String ID: 3446177414-1656697243
                                                                                  • Opcode ID: d32a5022e74c8070c13f407200a1a45d82a470c42eff8ead3fe557e0c8a707a7
                                                                                  • Instruction ID: 24ea2df6ddf4473e8a5dd2c2002ae4ad981a7b8cc0be8a4fe198502b137715e3
                                                                                  • Opcode Fuzzy Hash: d32a5022e74c8070c13f407200a1a45d82a470c42eff8ead3fe557e0c8a707a7
                                                                                  • Instruction Fuzzy Hash: 1021AE3090535AAFDB01DFB88911BDEBF71AF46358F04856CE4887B292C7725E55CBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5212BD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 67memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,?,?,-00000001,?,?,?,6F52127D,?,00000000,?,6F54FC21,00000000,00000000), ref: 6F521331
                                                                                  • memcpy.BCCB(00000000,?,?,?,00000000,?,?,-00000001,?,?,?,6F52127D,?,00000000,?,6F54FC21), ref: 6F521350
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AllocateHeapmemcpy
                                                                                  • String ID: `f^o
                                                                                  • API String ID: 1925790395-2936902558
                                                                                  • Opcode ID: 0788119011ad600295099f0e5e5bcc2700aa7ed2b0ef152942f7d0c499a9e16b
                                                                                  • Instruction ID: b21707451d5ec5d4fd2732466ca6266f6edaef72c02fdaa8b5c1912fbd4bdb0d
                                                                                  • Opcode Fuzzy Hash: 0788119011ad600295099f0e5e5bcc2700aa7ed2b0ef152942f7d0c499a9e16b
                                                                                  • Instruction Fuzzy Hash: 822129716446009FD724CF69C980B9BB3EAFB55354F10893DE5AACB691DA31AC40CB60
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5B4212, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,6F5E79A0,6F5D0EA8,00000024,6F566051,?,?,00000000,00000000,?,?,6F523347,?,00000000,?), ref: 6F5B423F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: DebugPrintTimes
                                                                                  • String ID: RtlSizeHeap
                                                                                  • API String ID: 3446177414-202636049
                                                                                  • Opcode ID: c84b12f71ab66a8c832aae9860e8d14e17affc4a90bfd48106751e0ba604e475
                                                                                  • Instruction ID: 2945d1df19dc1b6c34e506db1e322267b9d49e45685122fea4e14ff2e2b84799
                                                                                  • Opcode Fuzzy Hash: c84b12f71ab66a8c832aae9860e8d14e17affc4a90bfd48106751e0ba604e475
                                                                                  • Instruction Fuzzy Hash: 6B219F309057189BEF21CFA8C6147DDBBB1BF85328F14826CE4546B2D1C7765E85CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F573E13, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • wcschr.BCCB(?,0000002C,?,?,00000000,?,?,6F55060B), ref: 6F573E23
                                                                                  • wcstoul.BCCB(-00000002,6F55060B,00000010,?,?,00000000,?,?,6F55060B), ref: 6F573E3D
                                                                                  • DbgPrintEx.BCCB(00000055,00000003,CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X,?,?,00000000,?,?,6F55060B), ref: 6F573E5A
                                                                                    • Part of subcall function 6F573C93: wcschr.BCCB(?,0000003D,00000000,?), ref: 6F573CAC
                                                                                    • Part of subcall function 6F573C93: RtlInitUnicodeString.BCCB(?,-00000002,00000000,?), ref: 6F573CD0
                                                                                    • Part of subcall function 6F573C93: RtlAnsiStringToUnicodeString.BCCB(?,?,00000001,00000000,?), ref: 6F573D72
                                                                                    • Part of subcall function 6F573C93: RtlCompareUnicodeString.BCCB(?,?,00000001,?,?,00000001,00000000,?), ref: 6F573D89
                                                                                    • Part of subcall function 6F573C93: RtlFreeUnicodeString.BCCB(?,00000000,?), ref: 6F573DED
                                                                                  Strings
                                                                                  • CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X, xrefs: 6F573E51
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: String$Unicode$wcschr$AnsiCompareFreeInitPrintwcstoul
                                                                                  • String ID: CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X
                                                                                  • API String ID: 2652356044-1863042022
                                                                                  • Opcode ID: 2636455d67dbff01b0249d1f7065eae285baac68e012307acc398f61284b13a8
                                                                                  • Instruction ID: 3af51fb1dd4a031e73fe35bb9cd0ef876b443b90eca98b4a114b6bc0bcaeaef8
                                                                                  • Opcode Fuzzy Hash: 2636455d67dbff01b0249d1f7065eae285baac68e012307acc398f61284b13a8
                                                                                  • Instruction Fuzzy Hash: A3F0243220030476E7295A5AAC57EEB375CCFC5AB0F50017DFA1D9B2C1EEA1AD2182F4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F52BDFC, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E79E4,6F5E8654,00000000,?,6F530492,00000000,?,6F530459,6F5E8654,?,?,?,6F53042F,?,6F50ECE6,6F5E84D8), ref: 6F52BE09
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E79E4,6F5E79E4,6F5E8654,00000000,?,6F530492,00000000,?,6F530459,6F5E8654,?,?,?,6F53042F,?,6F50ECE6), ref: 6F52BE33
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E79E4,6F5E79E4,6F5E8654,00000000,?,6F530492,00000000,?,6F530459,6F5E8654,?,?,?,6F53042F,?,6F50ECE6), ref: 6F52BE58
                                                                                    • Part of subcall function 6F52BE62: ZwProtectVirtualMemory.BCCB(000000FF,?,00000000,-00000F38,-00000F38,?), ref: 6F52BE97
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$AcquireMemoryProtectVirtual
                                                                                  • String ID: y^o
                                                                                  • API String ID: 1407556199-2303352506
                                                                                  • Opcode ID: 792767b0207a1e56a54274cbe0728272fa2cd02fde6ee9ea00ce418b18752d9c
                                                                                  • Instruction ID: 52974aaf76e568d555a0267632179b7d54ac0a87d4305a42b843a23c38bd6171
                                                                                  • Opcode Fuzzy Hash: 792767b0207a1e56a54274cbe0728272fa2cd02fde6ee9ea00ce418b18752d9c
                                                                                  • Instruction Fuzzy Hash: 21F09A7284432032C92276245942B7B66A88F97F78F12433BEBA02A1C08B74AC9282D4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F1FA1, Relevance: 6.3, APIs: 4, Instructions: 266COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • memcpy.BCCB(?,?,00000000,?,?,?), ref: 6F4F20AB
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memcpy
                                                                                  • String ID:
                                                                                  • API String ID: 3510742995-0
                                                                                  • Opcode ID: 094a81aa3f4895b8b4f9c6303ae940a6ff2e48010c8ea633b5300e1b65ed648b
                                                                                  • Instruction ID: 96e2c2188ce4dbe1cc4be1f41a35d9e2d074f3402c78638bc1f6aac09f985969
                                                                                  • Opcode Fuzzy Hash: 094a81aa3f4895b8b4f9c6303ae940a6ff2e48010c8ea633b5300e1b65ed648b
                                                                                  • Instruction Fuzzy Hash: 19A161719016599BDB24CA2C8940BEA73F9BF84314F1081BA995DE7284DF35AE83CFD1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F11E0, Relevance: 6.2, APIs: 4, Instructions: 230COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • iswctype.BCCB(0000000A,00000004), ref: 6F4F1244
                                                                                  • iswctype.BCCB(00000000,00000004), ref: 6F54EC6A
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: iswctype
                                                                                  • String ID:
                                                                                  • API String ID: 304682654-0
                                                                                  • Opcode ID: 1f344b33791a5496fbe9e75728d9247cc6bb00a1fab00cde5539a0feebcccfce
                                                                                  • Instruction ID: 7b9839db9e43fc44f1b464127b570deae9900bdb64cac1869b416143ca7b54a4
                                                                                  • Opcode Fuzzy Hash: 1f344b33791a5496fbe9e75728d9247cc6bb00a1fab00cde5539a0feebcccfce
                                                                                  • Instruction Fuzzy Hash: AA71BFB1E0411A8BDB18CAE8C590AFD77F2AFC5310F11492BD855F7A80D7399D42C760
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F508800, Relevance: 6.2, APIs: 4, Instructions: 179COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • memcmp.BCCB(6F5E84DC,6F4D1184,00000010,-00000054,?,00000000,00000001,?,6F5E52D8), ref: 6F5088A8
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E86CC,-00000054,?,00000000,00000001,?,6F5E52D8), ref: 6F508901
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E86CC,6F5E86CC,-00000054,?,00000000,00000001,?,6F5E52D8), ref: 6F508933
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E86CC,-00000054,?,00000000,00000001,?,6F5E52D8), ref: 6F559C65
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Acquire$Releasememcmp
                                                                                  • String ID:
                                                                                  • API String ID: 2792186644-0
                                                                                  • Opcode ID: 466ae17db73e03628314232267efc1c90390d6808967820379bacf37f563f457
                                                                                  • Instruction ID: fed81bc35bd40f337e9edb6e0f38d1b6f87e9e73c4100cfbbc69f26537a3d147
                                                                                  • Opcode Fuzzy Hash: 466ae17db73e03628314232267efc1c90390d6808967820379bacf37f563f457
                                                                                  • Instruction Fuzzy Hash: 2F51C371A0830ADBEF08EF58C580EAE77B1FF85306F16497AD815AB145D730AE45CB92
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F1E50, Relevance: 6.2, APIs: 4, Instructions: 169COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlNtStatusToDosError.BCCB(C000000D,?,00000000,6F5CF330,00000018), ref: 6F54F223
                                                                                  • RtlNtStatusToDosError.BCCB(C000000D), ref: 6F54F2A6
                                                                                  • RtlEnterCriticalSection.BCCB(?), ref: 6F54F2BB
                                                                                  • RtlNtStatusToDosError.BCCB(C000000D), ref: 6F54F2E2
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ErrorStatus$CriticalEnterSection
                                                                                  • String ID:
                                                                                  • API String ID: 152543406-0
                                                                                  • Opcode ID: 2e14b689a1d0b5a3e67b62b1b2d5b2c1c39f983917efa09a9b66a81f05cb9252
                                                                                  • Instruction ID: c2ce53b6a47542b4f7ab25e66f4825d1cfa7f83af11810c587e2de86ca139874
                                                                                  • Opcode Fuzzy Hash: 2e14b689a1d0b5a3e67b62b1b2d5b2c1c39f983917efa09a9b66a81f05cb9252
                                                                                  • Instruction Fuzzy Hash: 1451D571A057859FDB14CF68C940BEA7BF2AFC5318F00856DD8595BB80C735AC46CBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F528ED7, Relevance: 6.1, APIs: 4, Instructions: 110libraryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • wcsrchr.BCCB(?,0000005C,00000000,00000000,00000000), ref: 6F528F1B
                                                                                  • memcpy.BCCB(?,?,?,00000000,00000000,00000000), ref: 6F528F72
                                                                                  • LdrFindEntryForAddress.BCCB(?,?,00000000,00000000,00000000), ref: 6F528F9D
                                                                                  • memcpy.BCCB(?,?,00000004,?,?,00000000,00000000,00000000), ref: 6F528FD3
                                                                                    • Part of subcall function 6F5292FC: RtlEnterCriticalSection.BCCB(6F5E6D80,6F5D0158,00000018,6F4F63DB), ref: 6F529331
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: memcpy$AddressCriticalEnterEntryFindSectionwcsrchr
                                                                                  • String ID:
                                                                                  • API String ID: 3299649961-0
                                                                                  • Opcode ID: c6ea268ef8c8fcab1552981f2e0ff5c81db2efd0c6554e3dd484ce8b91997272
                                                                                  • Instruction ID: b4f433895cab0b2cde7fedc110f24f51d0f3d154a7f1256343b11928f14e85b4
                                                                                  • Opcode Fuzzy Hash: c6ea268ef8c8fcab1552981f2e0ff5c81db2efd0c6554e3dd484ce8b91997272
                                                                                  • Instruction Fuzzy Hash: 29317E722097029FD709CF68C850A6AB7E2FF84311F18863AF8558B6D0D730ED608BD6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5CED52, Relevance: 6.1, APIs: 4, Instructions: 110timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E8684,6F5E8668,?,?,6F5E8668,6F5E8668,?,6F5CE5F4,?,80000002,6F5E8668,6F5E8660), ref: 6F5CEDA9
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E8684,6F5E8684,6F5E8668,?,?,6F5E8668,6F5E8668,?,6F5CE5F4,?,80000002,6F5E8668,6F5E8660), ref: 6F5CEE42
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,6F5E8684,6F5E8684,6F5E8668,?,?,6F5E8668,6F5E8668,?,6F5CE5F4,?,80000002,6F5E8668,6F5E8660), ref: 6F5CEE50
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E8684,6F5E8684,6F5E8668,?,?,6F5E8668,6F5E8668,?,6F5CE5F4,?,80000002,6F5E8668,6F5E8660), ref: 6F5CEE5B
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$Release$AcquireDebugPrintTimes
                                                                                  • String ID:
                                                                                  • API String ID: 309489879-0
                                                                                  • Opcode ID: 31edf06778ac82b8fcacc5dfbbb3f80505005fab41abad1bd207443a854dd1c7
                                                                                  • Instruction ID: c31d3f698bec764049021544ed1d14418bc94d3b1913ba3f62ee5bde4022dfeb
                                                                                  • Opcode Fuzzy Hash: 31edf06778ac82b8fcacc5dfbbb3f80505005fab41abad1bd207443a854dd1c7
                                                                                  • Instruction Fuzzy Hash: B231E372A009259B8B18CE68CC915A9B7F5EF8A320318427DE826CB395DB34FD41CBC1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F51ECE0, Relevance: 6.1, APIs: 4, Instructions: 103timeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,00000000,00000000), ref: 6F51ED2C
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,00000000,00000000,?,00000000,00000000), ref: 6F51ED90
                                                                                  • TpSetWaitEx.BCCB ref: 6F5642DE
                                                                                  • RtlDebugPrintTimes.BCCB(?,?,00000000,00000000,?,00000000,00000000), ref: 6F56432F
                                                                                    • Part of subcall function 6F51FC39: ZwAssociateWaitCompletionPacket.BCCB(?,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000,?,00000000,00000000), ref: 6F51FC71
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLockWait$AcquireAssociateCompletionDebugPacketPrintReleaseTimes
                                                                                  • String ID:
                                                                                  • API String ID: 1549838691-0
                                                                                  • Opcode ID: b93e43674e2f8ad45a1cdd3f1893080b1abadf18e442174e343bc043e71bc4bd
                                                                                  • Instruction ID: 3d7a0453c701766951266ea5b7f0629662aff05d4a7282acaf1344dd2fa15783
                                                                                  • Opcode Fuzzy Hash: b93e43674e2f8ad45a1cdd3f1893080b1abadf18e442174e343bc043e71bc4bd
                                                                                  • Instruction Fuzzy Hash: CE319075608B1BABE714DE348840BAAB7A5BF89314F054A3ED86987640DB30FC258BD1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5AC08A, Relevance: 6.1, APIs: 4, Instructions: 92COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(?,?,?,?,00000001,?,?,?,6F5ABC33,?,C0000002,00000020,?,?), ref: 6F5AC0CA
                                                                                  • memcpy.BCCB(0000000C,?,?,?,?,?,?,?,?,00000001,?,?,?,6F5ABC33,?,C0000002), ref: 6F5AC115
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(?,?,?,?,?,?,?,00000001,?,?,?,6F5ABC33,?,C0000002,00000020,?), ref: 6F5AC17F
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLock$AcquireReleasememcpy
                                                                                  • String ID:
                                                                                  • API String ID: 753335654-0
                                                                                  • Opcode ID: 17cf4b5ca33fad231962700eea53dd0e6043f61bff18438556f7d29222e02d4a
                                                                                  • Instruction ID: 16e247c56941d2ecfd8c26464f53fab8357a5035539b158cdb7d6dadb3ce9a46
                                                                                  • Opcode Fuzzy Hash: 17cf4b5ca33fad231962700eea53dd0e6043f61bff18438556f7d29222e02d4a
                                                                                  • Instruction Fuzzy Hash: 1F31D276A08605ABC719CF68C884AEAB3B9FF44714B04C43DE8599B201DB31FE62C7D4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5C8050, Relevance: 6.1, APIs: 4, Instructions: 78threadCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockExclusive.BCCB(6F5E86C4,00000008,?,00000000,00000008,?,6F54F8D6,?,00000000,00000000,?,6F4F22D2,00000000,?,00000000,00000034), ref: 6F5C80AA
                                                                                  • RtlReleaseSRWLockExclusive.BCCB(6F5E86C4,6F5E86C4,00000008,?,00000000,00000008,?,6F54F8D6,?,00000000,00000000,?,6F4F22D2,00000000,?,00000000), ref: 6F5C80DD
                                                                                  • TpSetPoolMaxThreads.BCCB(00000000,00000000,6F5E86C4,6F5E86C4,00000008,?,00000000,00000008,?,6F54F8D6,?,00000000,00000000,?,6F4F22D2,00000000), ref: 6F5C80F3
                                                                                  • TpSetPoolMaxThreadsSoftLimit.BCCB(00000000,00000000,00000000,00000000,6F5E86C4,6F5E86C4,00000008,?,00000000,00000008,?,6F54F8D6,?,00000000,00000000), ref: 6F5C80FB
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ExclusiveLockPoolThreads$AcquireLimitReleaseSoft
                                                                                  • String ID:
                                                                                  • API String ID: 4208054433-0
                                                                                  • Opcode ID: 90f0ad88f96679077aaa564e0aa5f3c5cb746a3cfc65f91f8c1fa644bbb217d1
                                                                                  • Instruction ID: 488581f1b4af77af9f16fb824d45567706310b41e5de41cdbf55c50cf8efe304
                                                                                  • Opcode Fuzzy Hash: 90f0ad88f96679077aaa564e0aa5f3c5cb746a3cfc65f91f8c1fa644bbb217d1
                                                                                  • Instruction Fuzzy Hash: 1A11D632B0D6255787149AAD4D90A8BAAD49BC5757F13023EED22F73C0DA21AD41C6E3
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F582D0B, Relevance: 6.1, APIs: 4, Instructions: 58COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAcquireSRWLockShared.BCCB(?,00000000,00000000,00000008,?,?,6F54FFD2,00000000,?,00000000,00000000,00000000,00001030,000000FF,?,00000000), ref: 6F582D24
                                                                                  • RtlAcquireSRWLockShared.BCCB(0000000C,?,00000000,00000000,00000008,?,?,6F54FFD2,00000000,?,00000000,00000000,00000000,00001030,000000FF,?), ref: 6F582D3C
                                                                                    • Part of subcall function 6F51FAD0: RtlDllShutdownInProgress.BCCB(00000000), ref: 6F51FB35
                                                                                    • Part of subcall function 6F51FAD0: ZwWaitForAlertByThreadId.BCCB(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6F51FBE3
                                                                                  • RtlReleaseSRWLockShared.BCCB(0000000C,0000000C,?,00000000,00000000,00000008,?,?,6F54FFD2,00000000,?), ref: 6F582D6A
                                                                                  • RtlReleaseSRWLockShared.BCCB(?,?,00000000,00000000,00000008,?,?,6F54FFD2,00000000,?,00000000,00000000,00000000,00001030,000000FF,?), ref: 6F582D95
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: LockShared$AcquireRelease$AlertProgressShutdownThreadWait
                                                                                  • String ID:
                                                                                  • API String ID: 276812241-0
                                                                                  • Opcode ID: ccc5ee8cf6aae26475bea3da33a32e60a5aeb6f58a19e61665a574798bf0bc1d
                                                                                  • Instruction ID: 8da098b16c32548610619c265a29d66c4bb93720cbf0c364f50cf700cefee6df
                                                                                  • Opcode Fuzzy Hash: ccc5ee8cf6aae26475bea3da33a32e60a5aeb6f58a19e61665a574798bf0bc1d
                                                                                  • Instruction Fuzzy Hash: F211CE315057299BDB20CB44C580996BBFCEB81328B14843ED56B83200D735FD0ACBA1
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F51E63F, Relevance: 6.1, APIs: 4, Instructions: 53threadCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlSetThreadWorkOnBehalfTicket.BCCB(?,?,?), ref: 6F51E68B
                                                                                  • TpCallbackMayRunLong.BCCB(?,?,?), ref: 6F51E6A3
                                                                                  • RtlActivateActivationContextUnsafeFast.BCCB(?,?,?,?,?,6F529688,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6F54E258
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: ActivateActivationBehalfCallbackContextFastLongThreadTicketUnsafeWork
                                                                                  • String ID:
                                                                                  • API String ID: 3384506009-0
                                                                                  • Opcode ID: 09daa6f13e10e10deb403ab3800f05a1ef34cbce950abe0e6d2b8a8228a42360
                                                                                  • Instruction ID: a99110a6ce94f73365d7814b7265fd315288d0daab5a1d43cd673aaca6e43ed9
                                                                                  • Opcode Fuzzy Hash: 09daa6f13e10e10deb403ab3800f05a1ef34cbce950abe0e6d2b8a8228a42360
                                                                                  • Instruction Fuzzy Hash: 0301D6315487008FE720CF29D884B43B7E8EF86328F900A7AD9598B985D771FC82C785
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F523B5A, Relevance: 6.1, APIs: 4, Instructions: 51memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlFreeHeap.BCCB(?,?,?,6F523AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6F566208
                                                                                  • RtlFreeHeap.BCCB(?,?,?,6F523AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6F56622C
                                                                                  • RtlFreeHeap.BCCB(?,?,?,6F523AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6F566250
                                                                                  • RtlFreeHeap.BCCB(?,?,00000000,6F523AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6F56626D
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: FreeHeap
                                                                                  • String ID:
                                                                                  • API String ID: 3298025750-0
                                                                                  • Opcode ID: 91370e43eb6c71f05482b9fafb1a7272dead1206af49b6dc6cd69e5110664d26
                                                                                  • Instruction ID: fb8ed82da8095c2a94e48ca73ff3b1a6805093fd04408a17de35fc367d745de8
                                                                                  • Opcode Fuzzy Hash: 91370e43eb6c71f05482b9fafb1a7272dead1206af49b6dc6cd69e5110664d26
                                                                                  • Instruction Fuzzy Hash: F6110A36505A54DFDB15DF48CA40F9A73B9FB49618F160178E825AB762C328FC11CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F5A8061, Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 402COMMON
                                                                                  Download Yara Rule
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: xl--$xn--
                                                                                  • API String ID: 0-2182639396
                                                                                  • Opcode ID: 8142caf1d0ad60ad35ed19be3d8c5ba7b1d337396c2a25fdb65f8f570ecc505d
                                                                                  • Instruction ID: 3f5ed5bedfa1cf800a81657933df8f5865f22d9b2738510c20f7ef3a8fd5acb9
                                                                                  • Opcode Fuzzy Hash: 8142caf1d0ad60ad35ed19be3d8c5ba7b1d337396c2a25fdb65f8f570ecc505d
                                                                                  • Instruction Fuzzy Hash: 4BE10671E086998FCF14CF68C8806EDB7B1FF84315F24847AD955AB240E7769D52CB42
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F511F30, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 163COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlxOemStringToUnicodeSize.BCCB(?,?,00000000,?,00000001,?,?,?,?,?,6F5417F0,6F5CFC68,000000FE,?,6F573D77,?), ref: 6F55CEE2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: RtlxSizeStringUnicode
                                                                                  • String ID: w=Wo
                                                                                  • API String ID: 2371059093-3555231392
                                                                                  • Opcode ID: fb6f4d967969aa8e70137a13a333a8707e30157200ba7b555fa1a609b6b9fa38
                                                                                  • Instruction ID: 29e67e68d063e108f5f527aa6e93bc2c5fd06b49e2fa92f6b3a54a1ed10ae3aa
                                                                                  • Opcode Fuzzy Hash: fb6f4d967969aa8e70137a13a333a8707e30157200ba7b555fa1a609b6b9fa38
                                                                                  • Instruction Fuzzy Hash: F65199B4808269DBDB10CF69C5806AEBBF4FF4A314F10862FE851A7250E734AD50CBA4
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F51DD82, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 162COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlEnterCriticalSection.BCCB(6F5E7B60,?,?,?,?,?,00000000,?,?,?,00000000,?,00000000,?,?,?), ref: 6F51DED2
                                                                                  • RtlLeaveCriticalSection.BCCB(6F5E7B60,?,?,?,00000000,?,?,?,00000000,?,00000000,?,?,?,00000000,?), ref: 6F51DF06
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                  • String ID: `{^o
                                                                                  • API String ID: 3168844106-3153306557
                                                                                  • Opcode ID: bc0d7236b135d2b70d1909d8964016c9f7251a4c00261aa497185b7ce89b26f1
                                                                                  • Instruction ID: a0655dd5a11f466dc547e2517624d33050eb2c26e09edd4591627edb3aca776c
                                                                                  • Opcode Fuzzy Hash: bc0d7236b135d2b70d1909d8964016c9f7251a4c00261aa497185b7ce89b26f1
                                                                                  • Instruction Fuzzy Hash: A351E371909605DFD718CF28D580A46BBF6BF9A315B25C6BAD0188B352E731FD82CB90
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F4F2240, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99memorytimeCOMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • RtlAllocateHeap.BCCB(?,00000000,00000034,?,?,?,?,?,?,?,?,?,6F5CF350,0000004C), ref: 6F4F22AC
                                                                                  • TpAllocTimer.BCCB(00000020,6F5C9440,00000000,00000003,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 6F4F235A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: AllocAllocateHeapTimer
                                                                                  • String ID: (
                                                                                  • API String ID: 2926205940-3887548279
                                                                                  • Opcode ID: a456d424212b14abdce850fa2c8b7df828be266b4a6cfd20764e17c7360c8be9
                                                                                  • Instruction ID: 23f7eec8528da89e95f8bc0418145bd238f98f3977b573a20cc78dafa566e6ef
                                                                                  • Opcode Fuzzy Hash: a456d424212b14abdce850fa2c8b7df828be266b4a6cfd20764e17c7360c8be9
                                                                                  • Instruction Fuzzy Hash: 094107B0D15799DFCB04CFA8C540A8DBBB5BF48714F10426AE458AB681C7B4AA52CF94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 6F57F2B7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • _wcsicmp.BCCB(?,?,-00000054,-00000054,00000000), ref: 6F57F2FB
                                                                                  • DbgPrint.BCCB(AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports ,?,?,-00000054,-00000054,00000000), ref: 6F57F323
                                                                                  Strings
                                                                                  • AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports , xrefs: 6F57F31E
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000E.00000002.788823862.000000006F4D1000.00000020.00020000.sdmp, Offset: 6F4D0000, based on PE: true
                                                                                  • Associated: 0000000E.00000002.788814068.000000006F4D0000.00000002.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789035612.000000006F5E5000.00000008.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789043315.000000006F5EB000.00000004.00020000.sdmp Download File
                                                                                  • Associated: 0000000E.00000002.789051161.000000006F5EF000.00000002.00020000.sdmp Download File
                                                                                  Similarity
                                                                                  • API ID: Print_wcsicmp
                                                                                  • String ID: AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports
                                                                                  • API String ID: 2655330621-555053354
                                                                                  • Opcode ID: 08ea89c9b45b756419536593185edc140b4d9e9c78eaf964023f30931c0d6b78
                                                                                  • Instruction ID: b9354fe6b32694fa8e50f685ff5390ea7bafbaecce3370fee96976b38a656141
                                                                                  • Opcode Fuzzy Hash: 08ea89c9b45b756419536593185edc140b4d9e9c78eaf964023f30931c0d6b78
                                                                                  • Instruction Fuzzy Hash: C521AF72904608EBCB21CF54DA80BADBBF5BF85324F2541A9D8642B691DB31BD51DBC0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%